Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
Jun 03, 2022
An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that is delivered by means of man-on-the-side attacks.

"This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. "Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection."

LuoYu, known to be active since 2008, predominantly targets foreign diplomatic organizations established in China and members of the academic community, as well as financial, defense, logistics, and telecommunications companies.

LuoYu's use of WinDealer was first documented by Taiwanese cybersecurity firm TeamT5 at the Japan Security Analyst Conference (JSAC) in January 2021. ...