Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion

Chinese Hacking Group Targeting Ukraine

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict.

SentinelOne’s analysis follows an advisory from Ukraine’s Computer Emergency Response Team (CERT-UA) earlier this week outlining a spear-phishing campaign that delivers a RAR archive containing an executable. When run, the executable opens a decoy document while stealthily dropping a malicious DLL called HeaderTip in the background.

Scarab was first documented by the Symantec Threat Hunter Team, part of Broadcom Software, in January 2015, when it detailed highly targeted attacks against Russian-speaking individuals since at least January 2012 to deploy a backdoor called Scieron.

If the attackers successfully compromise the victims’ computers, then they use a basic backdoor threat called Trojan.Scieron to drop Trojan.Scieron.B onto the computer, . . . Trojan.Scieron.B has a rootkit-like component that hides some of its network activity and features more enhanced back door functionality.

HeaderTip’s attribution to Scarab rests on malware and infrastructure overlaps with Scieron, which SentinelOne describes as a predecessor of the newly discovered backdoor. Built as a 32-bit DLL and written in C++, HeaderTip is just 9.7 KB in size, and its functionality is limited to acting as a first-stage loader that fetches next-stage modules from a remote server.
