Recent Trends Observed Among Chinese Cybercriminals

Chinese APT groups have been gaining global notoriety, with a plethora of malicious tactics and sophisticated tools at their disposal.

What’s happened?

Chinese smartphones have been spotted containing pre-installed malware, designed to propagate mobile ad fraud on a huge scale. The Transsion Tecno W2 handsets are mainly used in Ghana, Egypt, Cameroon, Ethiopia, and South Africa, with dubious activities detected in 14 other nations. 

What does this imply?

The risks associated with supply chain attacks have reached a crescendo, with attackers creating a perfect storm with the tools and techniques at their disposal. If not taken seriously, these may lead to critical consequences. 

Recent attacks by Chinese adversaries

  • In mid-August, five disparate Chinese APTs were found using the same combination of Linux rootkit and backdoor for cyberespionage.
  • The Taidoor malware strain was spotted by U.S. agencies, being deployed for remote access without being detected.
  • A campaign - Operation Skeleton Key - was conducted by a single group of Chinese hackers against Taiwan’s semiconductor industry. The attackers aimed to steal source code, chip designs, and software development kits, along with other intellectual property. 

Trends observed

  • Some of their most significant tools are not their proprietary code and they depend on open-source software, similar to most state-sponsored threat actors.
  • Strong connection has been established between CactusPete threat actor and ShadowPad malware samples. The malware is being commonly used by the threat actor in each if its attacks.
  • A malicious program, named Quarian, is being used by Chinese threat actors to launch attacks on African and Middle Eastern governments. The group behind these attacks is tracked to be operating under the name CloudComputating.

The takeaway

The threat landscape is involving and there are always new tactics being adopted by threat actors for maximum profit. Chinese state-linked hackers have mastered the art of cyberespionage across the world while evading detection. It is high time that the defenders of cybersecurity up their game.