Grayfly remains active, targeting MySQL and Exchange servers in the US, Mexico, Taiwan, and Vietnam.
According to recent findings by cybersecurity researchers, the SideWalk malware is linked to the Chinese hacking group.
ESET Shares Details About SideWalk
On Friday, Sept. 10, The Hacker News reported that ESET, a cybersecurity company based in Slovakia, had disclosed details about the SideWalk malware.
The firm said that the implant was designed to collect information, destroy several systems, and run plugins sent by the attacker.
The same firm, which uncovered “SparklingGoblin,” said that the actor behind the SideWalk campaign was responsible for the emergence of the Winnti malware, which is also known as APT41.
Symantec Researchers Reveal Latest Report About SideWalk
According to a Sept. 9 report from Symantec, its threat-hunting team found that “Grayfly,” a notorious group of Chinese hackers, is connected to the SideWalk malware.
The China-based espionage group has been operating across the US, Taiwan, Vietnam, and Mexico.
The report added that the group has been inflicting damage in the telecommunications sector, as well as on finance, IT, and media organizations.
Since 2017, Grayfly’s activities have mainly consisted of hacking and espionage.
While exploiting MySQL web servers, the attackers also spread the malware and install web shells to gather more data and maintain their remote access.
Symantec also observed the Chinese hackers executing PowerShell commands on Microsoft Exchange servers. This paved the way for the SideWalk malware to be deployed, along with a credential-dumping tool identical to Mimikatz.
The researchers said that Grayfly is currently gearing up to create more tools that will bypass standard security defenses.
Even worse, the Chinese crew is expected to resume its exploitation operations to carry out more attacks and compromise more systems.
Chinese-Related Hacking Incidents
Last month, authorities in Russia’s federal executive branch were alarmed by the sudden appearance of the Webdav-O virus.
When the Singaporean cybersecurity firm Group-IB studied how it behaves, it found that the Trojan came from China.
At that time, the researchers believed that the “TaskMasters” group was behind the malicious scheme. It is also the same group that previously installed the BlueTraveller malware.
In July, Microsoft discovered an influx of zero-day vulnerabilities in SolarWinds. According to the tech giant, Chinese hackers were responsible for the attack.
At the time of writing, Microsoft further explained that the cybercriminals had been attacking the development sector and military research in the United States.
Later, the tech giant concluded that the group has been relying on VPNs and routers for its operations.
Microsoft assisted SolarWinds during the attack by releasing a list of potential indicators that infected systems might exhibit.
This article is owned by Tech Times and written by Joseph Henry.
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.