Chinese Hackers' Toolkit and Activity History Uncovered
Essential information
- Published
- 28/10/2024 15:48
- Modified
- 29/10/2024 13:27
- Tags
- 2024-10-28 CVE-2021-25003 c2 infrastructure chinese hackers cobalt strike lockbit 3.0 privilege-escalation ransomware reconnaissance tools sql injection viper framework
- Related entities
- 1 vulnerability (CVE), 7 observables, 1 intrusion set (APT), 13 techniques (MITRE), 3 malware, 8 others
Description
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory that revealed its full attack infrastructure. The group used sophisticated reconnaissance tools and exploited Zhiyuan OA software through SQL injection, targeting South Korean pharmaceutical organizations. It relied on advanced privilege escalation tools and ran C2 infrastructure built on Cobalt Strike and the Viper framework. The group also built a custom ransomware variant based on LockBit 3.0. Its activity extended across multiple Asian countries, with a focus on the government, education, health, and logistics sectors. The group hid its location behind proxy servers and used a range of hacking tools, including WebLogicScan, Vulmap, Xray, and dirsearch.