Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
Mar 24, 2023
Cyber Attack / Hacking
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under the names Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.

Attack chains mounted by the group commence with a spear-phishing email that deploys a wide range of tools for backdoor access, command-and-control (C2), and data exfiltration. These messages carry malicious lure archives, distributed via Dropbox or Google Drive links, that employ DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to obtain a foothold and drop backdoors like TONEINS, TONESHELL, PUBLOAD, and MQsTTang (aka QMAGENT).

Similar infection chains utilizing Google Drive links have been observed delivering Cobalt Strike as early as April 2021.

"Earth Preta tends to hide malicious payloads
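The three arrival vectors named above (LNK shortcut files, fake file extensions, and an executable shipped next to a DLL it can side-load) are all visible in the file listing of a lure archive before anything is extracted or run. The following is an added defender-side example, not code from the article or from Trend Micro's report: it triages an archive listing (such as the `namelist()` of a ZIP) and flags the entries matching those patterns. The sample listing, the extension tables, and the function name `triage_archive_listing` are constructed for this example.

```python
"""Triage an archive file listing for the lure patterns described in the article:
LNK shortcuts, document-looking names that end in an executable extension, and
an .exe placed beside .dll files (a DLL side-loading layout).

Added example; the file names below are constructed, not real indicators."""
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions a lure wants the victim to believe they are opening (assumed list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png"}
# Extensions Windows will actually execute (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".msi"}


def triage_archive_listing(names):
    """Return a list of (entry_name, reason) findings for suspicious entries.

    `names` is an iterable of archive member paths, as zipfile.ZipFile.namelist()
    or a RAR/7z listing would give them. Nothing is extracted."""
    findings = []
    # Per-directory buckets so .exe/.dll co-location can be checked afterwards.
    by_dir = defaultdict(lambda: {"exe": [], "dll": []})

    for name in names:
        path = PurePosixPath(name.replace("\\", "/"))
        suffixes = [s.lower() for s in path.suffixes]
        last = suffixes[-1] if suffixes else ""

        # 1. LNK shortcut files: an archive that "contains a document" should
        #    not need a Windows shortcut in it.
        if last == ".lnk":
            findings.append((name, "LNK shortcut file inside archive"))

        # 2. Fake/double extensions: "Agenda.docx.exe" shows as "Agenda.docx"
        #    when Explorer hides known extensions.
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
            findings.append((name, f"document extension {suffixes[-2]} masking executable {last}"))

        # 3. Collect executables and DLLs per directory for the side-loading check.
        if last == ".exe":
            by_dir[str(path.parent)]["exe"].append(name)
        elif last == ".dll":
            by_dir[str(path.parent)]["dll"].append(name)

    # An .exe shipped together with DLL(s) in the same folder is the classic
    # side-loading layout: a legitimate signed binary plus a malicious DLL.
    for directory, kinds in by_dir.items():
        if kinds["exe"] and kinds["dll"]:
            for exe in kinds["exe"]:
                findings.append((exe, f"executable beside DLL(s) {kinds['dll']} in '{directory}' (possible DLL side-loading)"))

    return findings


# Constructed sample listing (not from any real campaign).
SAMPLE_LISTING = [
    "Invitation.pdf.lnk",
    "Agenda.docx.exe",
    "files/Viewer.exe",
    "files/libcurl.dll",
    "files/Agenda.docx",
    "README.txt",
]

if __name__ == "__main__":
    for entry, reason in triage_archive_listing(SAMPLE_LISTING):
        print(f"[!] {entry}: {reason}")
```

The function deliberately works on names only, so it can run in a mail gateway or sandbox pre-filter without opening the archive; a hit is a reason to detonate or quarantine, not a verdict on its own, since benign software bundles also ship an `.exe` next to its DLLs.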