Chinese Hackers Target Taiwanese Financial Institutions with New Stealthy Backdoor
Reading Time: 2 minutes

Chinese hackers target Taiwanese financial institutions with a new stealthy backdoor as part of a “persistent campaign” that lasted for at least 18 months.

Broadcom-owned Symantec in a report last week said the primary intention behind the attacks was espionage. The group deployed xPack backdoor which granted them extensive control over compromised machines.

The significant point of this campaign was the amount of time the attackers managed to lurk on victims’ networks. Giving them ample time to carry out a detailed investigation of the network and exfiltrate potentially sensitive information related to business contacts and investments without raising any red flags.

The threat actor managed to spend nearly 250 days on one of the unnamed financial organizations between December 2020 and August 2021. In yet another case involving a manufacturing entity, they spent nearly 175 days. 

It is still not clear the initial access vector they used to breach the targets. Though it is suspected the threat actor – Antlion leveraged a web application flaw to gain a foothold and drop the xPack custom backdoor. This is employed to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.

The threat actor also used C++-based custom loaders in combination with legitimate off-the-shelf tools such as AnyDesk and living-off-the-land (LotL) techniques to gain remote access, dump credentials, and execute arbitrary commands.

The researchers further said, “Antlion is believed to have been involved in espionage activities since at least 2011, and this recent activity shows that it is still an actor to be aware of more than 10 years after it first appeared.”

Earlier last week  News Corp,a media giant, was hit by Chinese hackers who managed to gain access to employees’ emails and stole company data in an attack. The list is growing with Chinese hackers targeting government, healthcare, transportation, and educational institutions in the country.

Related Articles:
Swissport – World’s Largest Airport Ground Service Hit By Ransomware Attack
US Government Seeks Five year Jail Term for Nintendo hacker
Cisco Fixes Critical Flaws in Small Business Routers