October 16, 2023
Symantec notes in its report on the activities of the hacker group “Grayling” that it is probably a nation-state group and that it is probably conducting espionage through its hacks, which breached targets in the U.S., Vietnam, Taiwan, and another Pacific Island from February to May of 2023. The group uses a mix of publicly available, or “living off the land,” tools and proprietary tools, which is typical for this moment. (One of the tools, for example, is also used in legitimate penetration testing but is often used for nefarious purposes as well.) The group targeted the public-facing servers of government, manufacturing, I.T., and biomedical industries across the target area, and used DLL sideloading to perform unspecified operations within the servers, which “Grayling” then deleted from the logs. A popular Windows vulnerability tracked as “CVE-2019-0803” was exploited in these attacks. Symantec notes that the “heavy targeting of Taiwanese organizations” indicates that the attacks probably come from a nation with “a strategic interest in Taiwan”. Chinese-backed hacking groups compromised critical infrastructure in Guam in May of this year, have attacked a wide variety of states across Southeast Asia and Europe since 2021, and exfiltrated data from and disrupted investment in the Taiwanese financial sector from 2021 to 2022. The Symantec report, however, has so far declined to name a country behind the cyberattacks.
For more:
Nation-state hacker group targeting Taiwan, US, Vietnam and Pacific Islands