Sunday, April 14, 2024

Researchers Uncover Tools And Tactics Used By Chinese Hackers

Over the years, several reports associated with cybercriminals have been based in Russia and Western countries.

This is due to the fact that many sophisticated cyber attacks and data leaks originate from these regions.

Though this is the case, there has been major blindness towards the growing threat actor community from China.

The Chinese underground hackers have made it to the media several times, but they have built a major place in Telegram and Twitter for illegally advertising large amounts of PII data that were obtained through several Tactics, techniques, and procedures involving data exfiltration. 

However, there were also other methods, such as malicious software development kits (SDKs), deep packet inspection (DPI), penetration services, insider access underpinned by formal contracts, and counterfeit mobile applications.

Tools And Tactics Used

According to the reports shared with Cyber Security News, the value of black market data in Chinese media outlets is estimated to be between 100 and 150 billion yuan.

Although this is not officially confirmed, it is still important to understand the difference between the data leak publishing of Western Cybercriminals and Chinese-speaking cybercriminals.

Telegram social media has paved the way for Chinese hackers to bypass surveillance from their country.

They were also found to be using proxy or VPN services to connect to the Telegram messaging app.

Moreover, they also have a separate way of offering and advertising their services using Chinese colloquialisms.

Leaked data on Telegram with Chinese Colloquialism words (Source: Spy Clouds)

Data: Leaks And Exfiltration

The Data leak advertisements from these Chinese Telegram channels have been observed to follow a specific structure that obfuscates victim names to maintain access to the entity without intervention from Law enforcement. 

As a workaround, they specify the sector that the victim is associated with. When these threat actors receive customer requests, they attempt to exfiltrate the real-time with the most accurate data for offering “High Value.” 

Twitter Advertisement (Source: Spy Cloud)

In case data exfiltration is impossible, they attempt it via SMS or DPI methods.

The threat actors have also claimed to have login access to the applications or websites that they are exfiltrating, which makes them the controllers of the data exfiltration and selling.

These Chinese cybercriminals employed several methods for gathering personally identifiable data from victims, which include SMS hijacking, Smishing, Software Development Kits, and Penetration Testing tools.

Furthermore, these Chinese cybercriminals have also been found to be selling CVV/POS financial data as part of their data leaks. 

In addition, they also created their own repositories of leaked PII named “Social Work Libraries.”

Once a particular data has been sold, these Chinese actors wait for some time and upload the same to this repository.

However, these threat actors were not linked with Chinese APT actors.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles