Thursday, December 5, 2024
HomeCyber CrimeResearchers Uncover Tools And Tactics Used By Chinese Hackers

Researchers Uncover Tools And Tactics Used By Chinese Hackers

Published on

SIEM as a Service

Over the years, several reports associated with cybercriminals have been based in Russia and Western countries.

This is due to the fact that many sophisticated cyber attacks and data leaks originate from these regions.

Though this is the case, there has been major blindness towards the growing threat actor community from China.

- Advertisement - SIEM as a Service

The Chinese underground hackers have made it to the media several times, but they have built a major place in Telegram and Twitter for illegally advertising large amounts of PII data that were obtained through several Tactics, techniques, and procedures involving data exfiltration. 

However, there were also other methods, such as malicious software development kits (SDKs), deep packet inspection (DPI), penetration services, insider access underpinned by formal contracts, and counterfeit mobile applications.

Tools And Tactics Used

According to the reports shared with Cyber Security News, the value of black market data in Chinese media outlets is estimated to be between 100 and 150 billion yuan.

Although this is not officially confirmed, it is still important to understand the difference between the data leak publishing of Western Cybercriminals and Chinese-speaking cybercriminals.

Telegram social media has paved the way for Chinese hackers to bypass surveillance from their country.

They were also found to be using proxy or VPN services to connect to the Telegram messaging app.

Moreover, they also have a separate way of offering and advertising their services using Chinese colloquialisms.

Leaked data on Telegram with Chinese Colloquialism words (Source: Spy Clouds)

Data: Leaks And Exfiltration

The Data leak advertisements from these Chinese Telegram channels have been observed to follow a specific structure that obfuscates victim names to maintain access to the entity without intervention from Law enforcement. 

As a workaround, they specify the sector that the victim is associated with. When these threat actors receive customer requests, they attempt to exfiltrate the real-time with the most accurate data for offering “High Value.” 

Twitter Advertisement (Source: Spy Cloud)

In case data exfiltration is impossible, they attempt it via SMS or DPI methods.

The threat actors have also claimed to have login access to the applications or websites that they are exfiltrating, which makes them the controllers of the data exfiltration and selling.

These Chinese cybercriminals employed several methods for gathering personally identifiable data from victims, which include SMS hijacking, Smishing, Software Development Kits, and Penetration Testing tools.

Furthermore, these Chinese cybercriminals have also been found to be selling CVV/POS financial data as part of their data leaks. 

In addition, they also created their own repositories of leaked PII named “Social Work Libraries.”

Once a particular data has been sold, these Chinese actors wait for some time and upload the same to this repository.

However, these threat actors were not linked with Chinese APT actors.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...