The company's report states that the criminals sent malicious documents to the Foreign Ministry, posing as employees of the government of the same country. When the victim opened the document, it launched a chain of actions that eventually led to the deployment of the backdoor. This malware, in turn, collected information about the infected system (for example, a list of files and running programs) and also gave the attackers remote access to the infected device.
The backdoor, which the group has been developing for about three years, bypasses the usual authentication procedures for accessing the system. The backdoor module, internally named VictoryDll_x86.dll, contains custom malware bundled with many hacking tools.
Experts associate this spy campaign with China, based on the following artifacts and signs:
As a reminder, we have also reported that the Chinese authorities use the Tianfu Cup as a source of exploits, and that the Chinese authorities use AI to analyze the emotions of Uyghur prisoners.