Malware And Viruses

Suspected Malware Attacks on Chinese Financial Institutions

In recent years, different variants of malware have started to target Chinese financial institutions. A well-known case is the malware called Carbanak, which breached numerous banks and made off with more than $1 billion worldwide, a big chunk of it from Chinese banks. Carbanak infiltrated employees’ computers through phishing emails, which installed keyloggers that recorded employees’ login credentials. With the malware in place, the criminals could take over bank accounts, ATMs and financial transactions inside bank networks. Some banks lost tens of millions of dollars in a matter of hours during the incident.

Ransomware Incidents in China

Ransomware has soared, and WannaCry was one of the most notorious examples. Thousands of Chinese businesses, hospitals, and universities were hit by the WannaCry ransomware in 2017. The malware leveraged a Windows zero-day vulnerability to encrypt files and demand a Bitcoin ransom. Over the course of a few days, around 30,000 institutions in China were damaged or paralyzed, shutting down operations and incurring massive financial costs. The toll also included severe health care shortages at some hospitals across China, endangering patient care and triggering emergency protocol activations by local governments.

Malware Targeting Chinese Government Agencies

Sophisticated malware targeting Chinese government entities is common. For example, PlugX was involved in several cyber espionage campaigns against Chinese governmental bodies. PlugX, a remote access trojan (RAT), gives attackers unfettered control of compromised systems. In one campaign, attackers reportedly exfiltrated sensitive data from more than 100 government offices, including intelligence and defense departments.

Mobile Malware Keeps Spreading in China

The vast mobile user base in China makes everyone a potential victim of mobile malware. HummingBad, one of the worst examples of mobile malware, infected millions of Android smartphones. Its fraudulent apps caused at least 10 million infected devices around the world, especially in China, to generate revenue by clicking ads. In addition to breaching user privacy, it cost tens of millions of dollars in unauthorized app downloads and ad clicks.

Malware Targeting Industrial Control Systems

While the Stuxnet virus was first identified in Iran, it carried much wider implications for China. Stuxnet targeted Supervisory Control and Data Acquisition (SCADA) systems and was highly destructive. The same strains of malware were found in sectors of China’s critical infrastructure, affecting industries including energy and manufacturing, threatening operational safety and, in some cases, incurring investigation and recovery costs totalling in the millions of dollars.

Advanced Malware – Data Exfiltration

Chinese corporations have also been victimized by advanced malware that results in data exfiltration, as in the case of the malware created by the APT1 group. APT1 is the name the firm gives to the supposed state-sponsored group that used malware to steal intellectual property and trade secrets from significant Chinese companies. The malware allowed the hackers to work undetected for months or even years, stealing reams of valuable data; the damage is believed to add up to hundreds of billions of dollars in intellectual property that Fruition’s experts think has left the country or is no longer in its US owners’ hands.

Phishing

Phishing Targeting Chinese E-commerce Platforms

In the most striking example, Taobao users were hit with fake login pages designed to look like the real thing. The attackers sent emails telling users they needed to verify their accounts because of suspicious activity. People who clicked the link were sent to a fraudulent login page where their credentials were harvested. The impact was huge: one campaign sold more than 20,000 accounts, and millions of yuan were stolen from victim accounts.

Chinese Financial Institution Phishing Campaigns

Chinese banks have repeatedly been the target of phishing attacks, most notably Bank of China, which was breached a few days earlier. The messages purported to be from the over-$400-billion bank, informing recipients of data breaches and asking them to confirm their accounts. The phishing emails included links to fraudulent sites that mirrored the appearance of the bank’s legitimate site. The campaign ran successfully for a month and a half, stealing more than 50 million yuan from various customer accounts, before it was detected and shut down.

Spear Phishing Aimed at Government Employees

Sophisticated spear-phishing attacks have been used to target Chinese government employees. In one very prominent case, emails went out to employees at a provincial government and appeared to be sent on behalf of senior officials. The emails carried malicious attachments posing as official documents. Once opened, the attachments loaded malware designed to collect sensitive information from the compromised systems. The breach resulted in the release of sensitive information involving more than 1,000 government employees across a number of departments and operations.

Phishing on Chinese Social Media

Phishing crews have also taken advantage of social media, particularly WeChat and Weibo, to launch phishing attacks. The attackers crafted fake customer service profiles, reached out to users via messages and offered account help; users who took the bait only opened the door for the attackers. Scammers drove victims to fake customer service websites and asked for personal information and login credentials. This type of attack ended up compromising the data of thousands of users, resulting in numerous instances of identity theft and financial fraud.

Chinese Educational Institutions Used as Bait for Phishing

Even academic institutions in China have been targeted by phishing attacks. One of the most notable cases was at a university where students and staff received emails purporting to be from the IT department, asking them to reset their passwords as part of a system upgrade. The link led them to a realistic-looking fake login page that harvested their credentials. The campaign hijacked at least 5,000 university accounts, allowing threat actors to enter university systems and access scientific research data and personal information of faculty, workers, and students.

Falling Prey to Business Email Compromise

Chinese companies have been disproportionately affected by Business Email Compromise (BEC) phishing. A well-publicized case took aim at a major manufacturer. Emails that appeared to come from the CEO requested that the finance department make immediate payments to the account of a new supplier. The finance team, assuming the emails were real, wired around $10 million to the wrong account before realizing the scheme. The loss severely disrupted the company’s operations and cash flow.

Social Engineering Attacks

Corporate Espionage

In one prominent case, an attacker impersonated an executive from a competing company in order to obtain intellectual property from a major Chinese tech firm. Posing as a recruiter on LinkedIn, the attacker enticed an employee with a new high-paying job opportunity. Having first built trust over multiple interactions with the employee, the attacker later tricked the employee into sharing project progress under the guise of a technical exercise. The incident exposed the company to the loss of key intellectual property worth more than $5 million, significantly threatening the firm’s competitiveness.

Gathering Financial Data via Pretexting

Pretexting (an attacker pretending to be someone else): An example of pretexting is a case where an attacker posed as an internal IT support representative of a major bank in China. He phoned a number of the company’s employees to tell them their accounts had a serious problem that had to be addressed immediately. The attacker used sophisticated verbiage and terminology to convince employees to give up their login information. The attacker successfully entered the breached accounts and withdrew around 10 million yuan during the single week in which the fraudulent operations went undetected.

Tactical Tailgating at High-Security Sites

A well-defined example of this is when a Chinese defence contractor was ‘tailgated’. An attacker who claimed to have lost their access card followed an authorized employee into the building. After gaining entry, the intruder roamed the protected zones alongside regular staff simply by blending in and acting as though they knew what they were doing. The breach allowed those responsible to gain access to confidential files, which was essentially a security disaster and forced an in-depth security audit.

Baiting with Infected USB Drives

One such attack baited a major Chinese manufacturing company: attackers left USB drives marked as confidential in the organization’s parking lot. Inquisitive employees found the drives and plugged them into their work PCs, inadvertently installing malware that gave the attackers remote control over the firm’s network. The malware spread quickly to compromise more than 100 systems, and production data and financial records leaked, resulting in millions of yuan in losses.

Vishing Against Chinese Healthcare Providers

A vishing campaign was launched against Chinese healthcare providers using the ruse of a call from what appeared to be the state Ministry of Health. The callers said a “rapid data analysis” of patient records was needed because of a suspected data breach. Staff were pressured into responding quickly and tricked over the phone into disclosing their login details. The breach, which exposed the records of more than 20,000 patients in all, caused widespread privacy violations and triggered regulatory responses against the hospitals involved.

Researchers Are a Favoured Target of Quid Pro Quo Attacks

One ‘quid-pro-quo’ attack used a ‘survey’ tactic to entice university researchers in China with the lure of free access to premium research databases. The software tool they had to install to complete the survey acted as a backdoor into the researchers’ computers. The attackers made off with ‘several million’ in research data, according to the Chinese Academy of Sciences.

DDoS Attacks

DDoS Attack on the Chinese Gaming Industry

A major Distributed Denial of Service (DDoS) attack hit the Chinese online gaming industry in 2018. The attack, which went on for hours, took aim at key gaming servers, such as those of Tencent’s popular titles Honor of Kings and PUBG Mobile. The attackers overwhelmed the servers with more than 1 Tbps of botnet traffic. The resulting connectivity problems left players with lag, disconnections and game crashes, causing mass frustration and financial losses in the millions, with thousands of players estimated to have been affected.

UNICOM DDoS attack

One of the largest cryptocurrency exchanges in China, OKEx, experienced a DDoS attack in 2020. It was a two-phase attack: a first wave of 200 Gbps followed by a second, heavier wave of 400 Gbps. The attack saturated the exchange’s infrastructure and made the exchange inaccessible for several hours. Last April, for example, when deposits and withdrawals were blocked because of a security issue, the effect cascaded through the whole trading ecosystem: it generated large trading delays, much user trust was lost, and financial losses estimated at over $5 million were caused directly by the halted transactions and the swing in the market.

Chinese E-commerce Giant Hit with DDoS Online Attack

A cyber-attack crippled an entire day of Chinese e-commerce giant Alibaba’s 2019 Singles’ Day shopping extravaganza. The attack was intended to disrupt the busiest shopping season by sending 500 Gbps of DDoS traffic at its servers. Despite the strong protection systems in place at Alibaba, the attack led to prolonged downtime and interrupted tens of thousands of transactions per minute. While the attack certainly exposed weaknesses during peak activity, Alibaba was able to respond quickly enough to dampen the financial impact.

Targeted DDoS Attack Campaign Hits Chinese Educational Institutions

Many Chinese universities faced coordinated DDoS attacks during this year’s period of online examinations. The attacks were directed at the universities’ servers with traffic volumes of up to 300 Gbps and disrupted online exams and access to educational resources. Some schools had to delay exams, and all the schools that were hit have had to spend significant time and money recovering from the attacks.

Huge DDoS Hits Chinese ISP

A massive 800 Gbps DDoS attack was launched against a large Chinese Internet Service Provider (ISP), China Unicom, in 2017. The attack led to internet services being disrupted for millions of users in multiple regions of China. The outages were widespread and created economic losses totalling hundreds of millions of yuan, involving businesses, government services, and individual users. To mitigate the attacks, the ISP improved its infrastructure and upgraded to more sophisticated DDoS mitigation systems.

Zero-Day Vulnerabilities

Zero-Day Attack On The Chinese Telecom Industry

Also in 2020, a zero-day flaw was discovered in some mainstream Huawei routers. Attackers exploited the vulnerability to gain illegal access to the network infrastructure of several Chinese telecommunications companies. The bug, which affected the firmware, allowed remote code execution. Ultimately, millions of users were affected by interception of their data traffic. This led to massive interruptions and forced the company into an immediate system overhaul that cost up to $10 million in damages and reinforcement.

Chinese Banking Software Vulnerability

A core banking software zero-day was found at a major Chinese bank in 2019. Attackers leveraged the flaw to make illegitimate transactions, stealing more than 50 million yuan from multiple customer accounts before the bank could respond and halt the attack. The breach pushed the bank to make rapid changes to its cybersecurity systems and uncovered additional weaknesses, resulting in substantial spending on security enhancements.

Chinese Government Networks Hit With Zero-Day Flaws

In 2018, a zero-day in a popular Chinese government email client (the application cannot be named for security reasons) was abused by APT groups. The now-patched flaw let attackers read sensitive communications within a number of government departments. The leak exposed top-secret documents to the public, undermining government processes and national security. The government responded with patching and a review of security policies, which again cost millions of yuan and took several months to implement.

Zero-Day Exploit Against Chinese Industrial Control Systems

A zero-day vulnerability in industrial control systems (ICS) caused massive disruptions across Chinese manufacturing firms in 2021. The vulnerability, used to halt production lines, was discovered in a major programmable logic controller (PLC). By impersonating the controlling computer, the attackers manipulated the central controller for the PLCs, causing equipment shutdowns and malfunctions and reducing production capacity, with losses estimated at over 100 million yuan. Security mechanisms in the ICS were severely lacking, and the incident highlighted the need for industrial environments as a whole to upgrade their security practices.

Zero-Day in a Chinese Mobile Payment App

In 2022, a zero-day vulnerability in a popular Chinese mobile payment app was used to siphon money. It made it possible for hackers not only to access users’ financial information but also to carry out transactions on their behalf across a number of services. The theft affected over 500,000 consumer accounts and caused total losses of 20 million yuan. In response, the app developers released an emergency update and introduced further security measures to prevent such access from happening again.

Advanced Persistent Threats

APT41 Targeting Chinese IT Companies

One of the most prolific APT groups attacking Chinese technology companies is APT41, aka Winnti. In 2019, APT41 broke into multiple high-profile Chinese tech firms. A highly sophisticated zero-day exploit gave the attackers a durable, long-term foothold on the organisations’ networks. Over time, they siphoned off millions of dollars’ worth of sensitive information, such as source code and intellectual property. The breach went undetected for months, which demonstrates the stealth and long-term access that APT41 was able to maintain.

Cyber Espionage Campaign on Chinese Government Agencies under APT10

The nation-state actor APT10 (also known as Stone Panda) has been identified as the primary threat actor conducting widespread cyber espionage against Chinese government agencies. In 2018, APT10 exploited vulnerabilities in a cloud service provider used by a Chinese government department. The attackers stole a large amount of confidential data, such as internal conversations and documents. The campaign struck more than a hundred government affiliates and prompted a series of responses, from network audits to security enhancements, costing millions of yuan.

APT29 Targets Chinese Academic Institutions

Cozy Bear, or APT29, has largely targeted Chinese academic institutions to pilfer research and development data. In 2020, APT29 targeted a biomedical research center at a top Chinese university; the researchers fell victim to spear-phishing emails sent by the hackers. Over the course of more than a year, the attackers remained in the network, exfiltrating vital research data on COVID-19 vaccines and treatments. It was a multi-million dollar setback for research underway at the university.

APT15 Group Attacks Chinese Aerospace Industry

APT15 (Ke3chang) has also been known to attack the Chinese aerospace industry. In 2017, APT15 reportedly gained access to a major aerospace firm using spear phishing and zero-day exploits. The attackers had their sights set on technical specifications and design documents for next-generation aircraft. They managed to exfiltrate gigabytes of data over the course of the year-long breach, with the potential for massive intellectual property losses bearing on national security.

Fancy Bear, aka APT28, Targeting Chinese Financial-Sector Operations

Over the past year, APT28 has also initiated a phishing campaign against multiple Chinese banks, using new strains of malware. The attackers’ aim is to disrupt financial operations and collect intelligence on financial transactions. They managed to break into the systems of three large banks, leading to estimated financial losses of more than 100 million yuan from fraudulent transactions and recovery costs.
