Chinese hackers suspected of attacking government agencies in Mongolia
Chinese hackers suspected of attacking government agencies in Mongolia
14:31 / 11 December, 2020
Hackers have broken into the chat application update mechanism used by hundreds of government agencies in Mongolia.
image
A Chinese cybercriminal APT group is suspected of hacking into the network of a Mongolian software company and hacking into a chat application used by hundreds of Mongolian government agencies.
According to experts from ESET, the attack took place in June this year. The hackers attacked an application called Able Desktop developed by local company Able Software. The application is an instant messaging add-on for the company's main product, the HR platform. The platform is used by more than 430 government agencies in Mongolia, including the Office of the President, the Ministry of Justice, the Ministry of Health, various local law enforcement agencies and authorities.
According to ESET, due to its widespread use among government officials, the application has been the target of cyberattacks since at least 2018. In the first attacks, the criminals tried to inject the HyperBro backdoor and the PlugX remote access Trojan into the Able Desktop application and distributed Trojan versions of the application's installer via email.
In June 2020, attackers appeared to have been able to hack into Able's backend and compromised the system that delivers software updates to all of Able's software applications. Hackers have used the system at least twice to distribute the malware-infected Able Desktop chat application through a legitimate update mechanism. To carry out these attacks, the attackers again used the HyperBro backdoor, but replaced PlugX with Tmanager as a component for remote access.
Подробнее: https://www.securitylab.ru/news/514756.php?ref=123?ref=123
14:31 / 11 December, 2020
Hackers have broken into the chat application update mechanism used by hundreds of government agencies in Mongolia.
image
A Chinese cybercriminal APT group is suspected of hacking into the network of a Mongolian software company and hacking into a chat application used by hundreds of Mongolian government agencies.
According to experts from ESET, the attack took place in June this year. The hackers attacked an application called Able Desktop developed by local company Able Software. The application is an instant messaging add-on for the company's main product, the HR platform. The platform is used by more than 430 government agencies in Mongolia, including the Office of the President, the Ministry of Justice, the Ministry of Health, various local law enforcement agencies and authorities.
According to ESET, due to its widespread use among government officials, the application has been the target of cyberattacks since at least 2018. In the first attacks, the criminals tried to inject the HyperBro backdoor and the PlugX remote access Trojan into the Able Desktop application and distributed Trojan versions of the application's installer via email.
In June 2020, attackers appeared to have been able to hack into Able's backend and compromised the system that delivers software updates to all of Able's software applications. Hackers have used the system at least twice to distribute the malware-infected Able Desktop chat application through a legitimate update mechanism. To carry out these attacks, the attackers again used the HyperBro backdoor, but replaced PlugX with Tmanager as a component for remote access.
Подробнее: https://www.securitylab.ru/news/514756.php?ref=123?ref=123
