1. Forum
  2. tqw
  3. TQW GENTECH

  • Chinese hackers are using this open-source VPN to mask spying act

    From TechnologyDaily@1337:1/100 to All on Friday, November 15, 2024 17:00:08
    Chinese hackers are using this open-source VPN to mask spying activities

    Date:
    Fri, 15 Nov 2024 16:51:51 +0000

    Description:
    The target list also includes an EU diplomatic organization for the first time, ESET researchers can reveal. Here's all you need to know.

    FULL STORY ======================================================================

    Chinese hackers are relying on legitimate VPN services to mask illegal activities, and for the first time, a diplomatic organization in the European Union is among their targets.

    These findings come from the latest ESET report on APT (Advanced Persistent Threat) groups' activities between April and September 2024.

    All the best VPN apps encrypt internet connections to prevent third-party access while spoofing users' real IP addresses for maximum online anonymity. But what if those who use these services are professional government-backed hackers? SoftEther VPN: hackers' tool of choice

    "One trend that we noticed among several China-aligned threat actors is the use of SoftEther VPN instead of their usual implants or backdoors," Mathieu Tartare, senior malware researcher at ESET, told Cyberscoop .

    SoftEther VPN is an open-source virtual private network (VPN) software that can use HTTPS connections to establish a VPN tunnel. This allows its users to bypass a company's firewall, for instance, while blending into legitimate traffic.

    Experts observed the Webworm APT group, a cyberespionage group linked to China, switching from full-featured backdoors (such as the Trochilus RAT )
    to the SoftEther VPN Bridge on compromised machines of several governmental organizations in the EU.

    "Such a VPN bridge allows the attacker to establish direct communication between the attacker-controlled infrastructure and the victims local network, bypassing port filtering and accessing resources that might be blocked on the external router or firewall of the targeted organization," noted researchers. #ESETresearch released its latest APT Activity Report covering April to September 2024 (Q2 2024Q3 2024). This period saw China-aligned APT groups increasingly relying on VPN platforms specifically the open-source SoftEther VPN to maintain access to victims networks. 1/2 pic.twitter.com/HazCFT55Us November 7, 2024

    Webworm wasn't the only group regularly deploying SoftEther VPN, either. GALLIUM, Flax Typhoon, and MirrorFace all have been using the VPN service during the research period with the latter making regular use of it since the end of 2023.

    For the very first time, the MirrorFace group also expanded its target list outside Japan, including an EU diplomatic organization alongside its usual targets.

    Researchers did not name the compromised organization. Yet, the attack still appears to be linked with Japanese affairs as hackers sent the victim a phishing email about the 2025 World EXPO exhibition, which is set to be held in Osaka.

    Talking to Cyberscoop, Tartare said organizations should consider any SoftEther VPN executables deployed on the network as suspicious and block
    them if they aren't needed. You should be especially wary of those SoftEther VPN executables that do not have the right filename, he added.

    For more tips and tools on how to secure your organizations, I recommend checking our dedicated pages of the best business VPNs and endpoint
    protection software currently on the market.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/vpn/chinese-hackers-are-using-this-open-source-v pn-to-mask-spying-activities


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)