Behind The Screen
Chinese APT using PlugX malware on espionage targets

September 8, 2022

Bronze President, the China-backed advanced persistent threat (APT) group that also goes by the name of Mustang Panda, has been conducting a widespread campaign against targets of interest to Chinese espionage, using documents that spoof official diplomatic notices to lure in their victims.

In a series of attacks observed by the Secureworks Counter Threat Unit (CTU) during June and July, the group used PlugX malware to target the computer systems of government officials in several countries in Europe, the Middle East and South America.

“Several characteristics of this campaign indicate that it was conducted by the likely Chinese government-sponsored Bronze President threat group, including the use of PlugX, file paths and naming schemes previously used by the threat group, the presence of shellcode in executable file headers, and politically themed decoy documents that align with regions where China has interests,” the CTU team said in its write-up.

PlugX is a modular type of malware that calls back to a command and control (C2) server for tasking and, as such, is capable of downloading additional plugins to enhance its capabilities and functionality beyond mere information-gathering, making it particularly dangerous.

In the Bronze President campaign, it arrived at its targets embedded within RAR archive files. Opening this archive on a Windows system with default settings enabled displays a Windows shortcut (LNK) file masquerading as a document.

Alongside this shortcut is a hidden folder containing the malware, which is embedded eight levels deep in a series of hidden folders named with special characters. This tactic is likely a means to try to bypass email-scanning defences that may not look at the whole path when scanning content. In turn, said Secureworks, it suggests the delivery method is phishing emails, as there is no other real benefit to doing this.
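The archive layout described above (a shortcut posing as a document at the top level, next to a hidden chain of directories named with special characters, with the payload buried at the bottom) is something a mail gateway or sandbox can check for before a user ever opens the attachment. The following is an added example written for this page, not Secureworks' tooling or anything from the campaign itself: it walks an archive member listing and flags the combination of traits the article reports. The sample listing, the directory names, the file names and the depth threshold of four are all constructed assumptions for the demonstration, not the campaign's real values.

```python
"""
Heuristic scan of an archive member listing for the layout the article describes:
a .lnk at the archive root dressed up as a document, a deep chain of directories whose
names contain no letters or digits, and an executable hidden at the bottom of that chain.

Everything below is illustrative. The listing is CONSTRUCTED for this example and the
threshold is an assumption, not a published indicator.
"""
from dataclasses import dataclass
from zipfile import ZipFile

DEPTH_THRESHOLD = 4  # assumption: benign attachments rarely nest this deep
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt"}
EXECUTABLE_EXTS = {".exe", ".dll", ".dat", ".scr", ".com"}


@dataclass
class Finding:
    rule: str   # which heuristic fired
    path: str   # the archive member that triggered it


def _parts(path: str) -> list[str]:
    # Normalise Windows and POSIX separators and drop empty segments (trailing "/").
    return [p for p in path.replace("\\", "/").split("/") if p]


def _is_special_name(name: str) -> bool:
    # A directory name with no alphanumeric characters at all (only punctuation/spaces).
    return not any(ch.isalnum() for ch in name)


def _lnk_posing_as_document(name: str) -> bool:
    # e.g. "notice.pdf.lnk": Explorer hides the .lnk suffix, so the user sees "notice.pdf".
    lower = name.lower()
    if not lower.endswith(".lnk"):
        return False
    stem = lower[:-len(".lnk")]
    return any(stem.endswith(ext) for ext in DOCUMENT_EXTS)


def analyse_listing(members: list[str]) -> list[Finding]:
    """Return every heuristic hit for a list of archive member paths."""
    findings: list[Finding] = []
    for member in members:
        parts = _parts(member)
        if not parts:
            continue
        name, dirs = parts[-1], parts[:-1]
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""

        if not dirs and name.lower().endswith(".lnk"):
            findings.append(Finding("lnk_at_archive_root", member))
            if _lnk_posing_as_document(name):
                findings.append(Finding("lnk_posing_as_document", member))
        if len(dirs) >= DEPTH_THRESHOLD:
            findings.append(Finding("deep_nesting", member))
        if dirs and all(_is_special_name(d) for d in dirs):
            findings.append(Finding("special_char_directory_chain", member))
        if ext in EXECUTABLE_EXTS and len(dirs) >= DEPTH_THRESHOLD:
            findings.append(Finding("executable_buried_deep", member))
    return findings


def is_suspicious(members: list[str]) -> bool:
    """Verdict: a root-level shortcut combined with either deep nesting or a special-character chain."""
    rules = {f.rule for f in analyse_listing(members)}
    return "lnk_at_archive_root" in rules and (
        "deep_nesting" in rules or "special_char_directory_chain" in rules
    )


def analyse_zip(path: str) -> list[Finding]:
    # Convenience wrapper for real ZIP files; RAR would need a third-party reader (not shown).
    with ZipFile(path) as archive:
        return analyse_listing(archive.namelist())


# CONSTRUCTED listing mimicking the described layout: eight hidden directory levels,
# each named only with spaces and tildes (placeholder names, not the campaign's).
SAMPLE_LISTING = [
    "Diplomatic_Note.pdf.lnk",
    "~/",
    "~/~~/~ / ~/~~~/~ ~/~~ / ~~/loader.exe",
    "~/~~/~ / ~/~~~/~ ~/~~ / ~~/payload.dat",
]

# CONSTRUCTED benign listing for comparison.
BENIGN_LISTING = ["report/2022/q2/summary.docx", "report/README.txt"]

if __name__ == "__main__":
    for f in analyse_listing(SAMPLE_LISTING):
        print(f"{f.rule:32} {f.path}")
    print("suspicious:", is_suspicious(SAMPLE_LISTING), "| benign:", is_suspicious(BENIGN_LISTING))
```

The verdict deliberately requires two traits together; a lone deep path or a lone shortcut is common enough in legitimate archives that either alone would generate noise. The point the article makes is that a scanner which only inspects the first few path components would miss the buried payload entirely, so the check must run over the full member path.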

To execute the PlugX malware, the user must click the LNK file, ultimately leading to the loading, decryption and execution of the PlugX payload. During this process, the decoy document – an example of which is shown below – is dropped.

The CTU team said the politically themed documents suggested Bronze President’s activities are currently geared towards government officials in various countries of interest to China.

In the above example, a Turkish official is targeted with a notification, supposedly from the British government, of the appointment of a new ambassador (at the time of writing Dominick Chilcott remains the incumbent British ambassador in Ankara). In common with other recent Chinese campaigns, the targeting of Turkey probably reflects its strategic importance in the ongoing battle for Ukraine.

Ukraine has been a key focus for Bronze President, which has been highly active in 2022, supporting China’s intelligence-gathering agenda related to the war. In May, it was observed by Cisco Talos targeting European and Russian entities, also using PlugX, in a similar campaign that spoofed European Union reports on the conflict.

“Bronze President has demonstrated an ability to pivot quickly for new intelligence collection opportunities,” said the Secureworks team. “Organisations in geographic regions of interest to China should closely monitor this group’s activities, especially organisations associated with or operating as government agencies.”

More technical information on this campaign, including indicators of compromise, is available from Secureworks.

© 2025 behindthescreen.uk - All rights reserved.