As governments world wide proceed to take care of the coronavirus pandemic, a hacking group with potential ties to South Korea has launched an espionage marketing campaign in opposition to the Chinese language authorities.
The DarkHotel superior persistent menace group has compromised over 200 VPN servers with a view to infiltrate a lot of Chinese language establishments and authorities businesses, in line with a brand new report from Qihoo 360.
In a single case, the hacking group exploited a beforehand unknown vulnerability within the enterprise VPN software program Sangfor SSL after which put in malicious software program onto sufferer’s machines with a view to accumulate person knowledge.
The timing of the assault additionally coincided with new directions from the Chinese language authorities which urged residents to work from home in order to help stop the coronavirus’ spread.
DarkHotel hacking group
While Qihoo 360 believes that the DarkHotel hacking group was behind this latest series of attacks, other security researchers aren’t so sure. In a post on Twitter, principal safety researcher at Kaspersky, Brian Bartholomew argued that the Beijing-based safety agency didn’t present the required proof to tie DarkHotel to those assaults, saying:
“I’m going to be a bit blunt right here. This write up is stuffed with hypothesis, no proof this was truly DatkHotel, and a ton of affirmation bias about concentrating on due to Covid. Not saying they’re unsuitable, however sooner or later, there must be extra supporting knowledge to help claims.”
VPN companies are serving to to maintain distant employees all around the world safe as they work at home in the course of the coronavirus pandemic which is why we have seen an elevated variety of assaults concentrating on them. In its report, Qihoo 360 defined that VPNs are important to Chinese language companies throughout this attempting time, saying:
“Think about it, with the spreads of the coronavirus pandemic, Chinese language enterprises and establishments overseas have all adopted the distant working mode and workers in every unit will set up contact with the headquarters and switch all delicate knowledge by way of the VPN. If the VPN server is compromised at this second, the implications will likely be unimaginable.”
Whether or not or not DarkHotel is behind this newest collection of assaults nonetheless stays to be confirmed however hopefully different safety researchers will now start to look into the matter to see if Qihoo 360’s claims are true.
- Additionally try our full checklist of the perfect VPN companies
By way of CyberScoop