In June 2020, Kaspersky researchers uncovered an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. The final payload is a remote administration tool that provides full control over the infected device. Further analysis suggested that this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group active since at least 2013, and it represents a major step up in terms of sophistication.
Chinese-speaking threat actors often share their techniques and methodologies with each other, which makes it easier for Kaspersky researchers to hunt for advanced persistent threat (APT) activity related to such well-known cyberespionage groups as LuckyMouse, HoneyMyte, and Cycldek. That’s why, when they saw one of their most well-known tactics, “the DLL side-loading triad”, targeting government and military entities in Vietnam, they immediately took notice.
Apr 8, 2021
Vietnamese hack signals major leap in APAC cyber espionage campaigns
A cyber attack largely targeting Vietnamese recipients has indicated that Chinese-speaking threat actors could potentially be expanding the scope of their cyber espionage campaigns.
This is according to cyber security vendor Kaspersky, which claimed the trend was highlighted in a cyber campaign in June 2020, where a group related to the Chinese-speaking threat actor Cycldek allegedly went after Vietnam’s government and military sectors, as well as other targets in Central Asia and Thailand.
Cybercriminals deploy pandemic, vaccine themes to target banks, cryptocurrency exchanges in SEA
Before this most recent campaign, the hackers had been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction.
Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor.
The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.