Cybercriminals allegedly affiliated with the Chinese government VLC media player to deal malware en masse through a malicious campaign lasting several months. The information was released by Symantec researchers on Tuesday (05).
According to experts from the cybersecurity company, attackers DLL file from the popular media player for a modified version. When the infected program runs on the victim’s device, the malicious agent takes action and can perform various illegal activities.
Kind malware installed from modified VLC It depends on the target hit by the Chinese hackers. In one of the recent events, the researchers identified the installation of the Sodamaster backdoor, which can only run in RAM, steal data and: espionage undetected by the user.
This recording was linked to the group by the researchers. cicadaAlso known by the codenames Stone Panda, APT10, menuPass, Potassium, and Red Apollo. The organization, which is often linked to the Chinese state, has been actively involved in various cyber attacks since 2006.
global action
According to the report, this new campaign led by Cicada, which may have exploited flaws in Microsoft Exchange, infected VLC, apparently designed to spy on non-governmental organizations (NGOs) in the fields of education and religion. Government agencies and companies in the legal, pharmaceutical and telecommunications industries are also among the targets.
The victims are spread across three continents and have their headquarters in countries such as the United States, Italy, Montenegro, Israel, Hong Kong, Turkey, Canada, and India. A target has also been detected in Japan, a region often attacked by these invaders.
The group, which has at least two members accused of stealing classified information from US companies to pass it on to the Chinese administration, has managed to infiltrate some victims’ networks for up to nine months.
Source: Tec Mundo
