Hackers Attacked Thousands of Asian Websites and Redirected Users to Adult Websites
Wiz experts have discovered a malicious campaign that has been active since September 2022, in which hackers attacked thousands of sites in Asia.
Let me remind you that we also wrote that Chinese hackers use a new backdoor to spy on the government of a country in Southeast Asia, and also that Chinese Hack Group Aoqin Dragon Has Been Quietly Attacking Companies Since 2013. The media also reported that Cyber-Espionage Group Worok Attacks Asian Governments and Companies.
At least 10,000 sites targeting an East Asian audience have been hacked and are now redirecting visitors to adult sites.
The hacked sites belong either to small firms or to multinational corporations, all using different technology stacks and hosting, which makes it difficult to spot a common attack vector. One of the few "common denominators" is that most of the compromised resources are hosted in China, or are hosted in another country but targeted at Chinese users.
Attackers inject malicious JavaScript into hacked sites, often connecting to the target web server using real FTP credentials. The experts were unable to determine how exactly the attackers obtain these credentials.
The report also notes that URLs hosting malicious JavaScript are restricted to specific geofences so that the code only runs in a number of East Asian countries.
In addition, experts have found signs that this campaign is also aimed at Android. In such cases, the redirect script takes visitors to gambling sites that call for installing a special application (APK com.tyc9n1999co.coandroid).
What kind of group is behind these attacks, and what goals it pursues, is still not entirely clear. A notable aspect of these attacks is the absence of phishing, web skimming, or malware. One theory is that the hackers' purpose is ad fraud and SEO manipulation. It is also possible that the aim is to drive non-organic traffic to specific sites.