Saturday, February 22, 2025
Researchers Uncover Tools And Tactics Used By Chinese Hackers

Over the years, most reporting on cybercriminals has focused on actors based in Russia and Western countries.

This is because many sophisticated cyber attacks and data leaks originate from these regions.

Even so, there has been a major blind spot regarding the growing threat actor community in China.

Chinese underground hackers have appeared in the media several times, but they have also carved out a significant presence on Telegram and Twitter, where they illegally advertise large amounts of PII data obtained through a range of tactics, techniques, and procedures involving data exfiltration.

Other methods included malicious software development kits (SDKs), deep packet inspection (DPI), penetration services, insider access underpinned by formal contracts, and counterfeit mobile applications.

Tools And Tactics Used

According to the reports shared with Cyber Security News, Chinese media outlets estimate the value of the black market for data at between 100 and 150 billion yuan.

Although this figure is not officially confirmed, it is still important to understand how the data leak publishing of Western cybercriminals differs from that of Chinese-speaking cybercriminals.

Telegram has given Chinese hackers a way to bypass surveillance in their own country.

They were also found to be using proxy or VPN services to connect to the Telegram messaging app.

Moreover, they have their own way of offering and advertising their services using Chinese colloquialisms.

Leaked data on Telegram with Chinese colloquialism words (Source: SpyCloud)

Data: Leaks And Exfiltration

The data leak advertisements from these Chinese Telegram channels have been observed to follow a specific structure that obfuscates victim names, so that the actors can maintain access to the victim entity without intervention from law enforcement.

As a workaround, they specify the sector the victim belongs to instead. When these threat actors receive customer requests, they attempt to exfiltrate the most accurate data available in real time in order to offer “high value.”

Twitter advertisement (Source: SpyCloud)

Where direct data exfiltration is not possible, they attempt it via SMS or DPI methods.

The threat actors have also claimed to have login access to the applications or websites they are exfiltrating from, which puts them in control of both the exfiltration and the sale of the data.

These Chinese cybercriminals employed several methods for gathering personally identifiable data from victims, including SMS hijacking, smishing, software development kits, and penetration testing tools.

Furthermore, these Chinese cybercriminals have also been found selling CVV/POS financial data as part of their data leaks.

In addition, they have created their own repositories of leaked PII, named “Social Work Libraries.”

Once a particular data set has been sold, these Chinese actors wait for some time and then upload it to this repository.

However, these threat actors have not been linked to Chinese APT actors.

Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
