New Backdoor Deployed by Chinese Hackers Targets Taiwanese Financial Institutions

Researchers have recently published a report stating that Chinese threat actors have been targeting Taiwanese financial institutions for a period of 18 months.

APT Group Targets Taiwan’s Organizations

According to the Symantec researchers who published the report, a Chinese APT group has been targeting Taiwanese financial institutions in a malicious campaign they describe as “persistent”.

Reportedly, the activity began as espionage, but the researchers found that it culminated in the deployment of a backdoor dubbed xPack, which gave the hackers considerable control over the targeted machines.

The attackers deployed a custom backdoor we have called xPack on compromised systems, which gave them extensive access to victim machines. (…) The backdoor allowed the attackers to run WMI commands remotely, while there is also evidence that they leveraged EternalBlue exploits in the backdoor. The attackers appeared to have the ability to interact with SMB shares, and it’s possible that they used mounted shares over SMB to transfer files from attacker-controlled infrastructure. There is also evidence that the attackers were able to browse the web through the backdoor, likely using it as a proxy to mask their IP address. (…) The goal of this campaign appears to have been

