China deploys large-scale spyware

Computer security researchers from Cybereason, a specialist company founded in 2012, discovered that Winnti, a group of Chinese hackers, carried out a major espionage operation in the United States, Europe and Asia.

Also known as APT41, this hacker gang is directly funded by the Chinese authorities. Its usual name, Winnti, comes from one of the most popular hacking tools, a computer virus called the Winnti Trojan. The group is notorious for hacking the servers of CCleaner, Asus, and several game developers in South Korea.

Cybereason discovered during the investigation that Winnti deployed a computer attack on the servers of several technology and manufacturing companies in order to seize trade and industrial secrets. As it turns out, the gang is stealing the intellectual property of foreign companies on the orders of Beijing.

To achieve their goals, the Winnti hackers went through Windows CLFS (the Common Log File System driver), a component of the operating system platform. Assaf Dahan, Senior Director and Head of Research at Cybereason, says the hackers exploited "multiple vulnerabilities, some known and some unknown at the time of the exploit".

The expert says the hackers "misused the CLFS file format" to disguise the malware. In this case, the Winnti malware was able to transfer data from a computer or server while bypassing security measures.

In the same vein, Cybereason encourages companies to take measures to protect themselves from the Chinese government's cyber espionage.