The Hacker News
A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly.
In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather information about running processes in the compromised systems, and transmit the results back to the remote server.
The cybersecurity firm attributed the intrusion to a group it tracks as SparklingGoblin, an adversary believed to be connected to the Winnti (aka APT41) malware family.
But the latest research published by Broadcom’s Symantec has pinned the SideWalk backdoor on Grayfly, the China-linked espionage group, pointing out the malware’s overlaps with the older Crosswalk malware. The latest Grayfly hacking activities have singled out a number of organizations in Mexico, Taiwan, the U.S., and Vietnam.
“A feature of
The post Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group first appeared on The Hacker News.