Chinese hackers are relying on legitimate VPN services to mask illegal activities, and for the first time, a diplomatic organization in the European Union is among their targets.
These findings come from the latest ESET report on APT (Advanced Persistent Threat) groups’ activities between April and September 2024.
All the best VPN apps encrypt internet connections to prevent third-party access while spoofing users’ real IP addresses for maximum online anonymity. But what if those who use these services are professional government-backed hackers?
“One trend that we noticed among several China-aligned threat actors is the use of SoftEther VPN instead of their usual implants or backdoors,” Mathieu Tartare, senior malware researcher at ESET, told Cyberscoop.
SoftEther VPN is open-source virtual private network (VPN) software that can establish its tunnel over HTTPS connections. This lets its users bypass a company's firewall, for instance, while blending into legitimate traffic.
Experts observed the Webworm APT group, a cyberespionage group linked to China, switching from full-featured backdoors (such as the Trochilus RAT) to the SoftEther VPN Bridge on compromised machines of several governmental organizations in the EU.
“Such a VPN bridge allows the attacker to establish direct communication between the attacker-controlled infrastructure and the victim’s local network, bypassing port filtering and accessing resources that might be blocked on the external router or firewall of the targeted organization,” noted researchers.
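Because a bridge tunnelled over HTTPS blends into normal web traffic, host artefacts are often the easier signal for defenders. The sketch below is an added example, not code from ESET or the original article: it flags directories that hold SoftEther's companion files outside an approved install location. The file names are SoftEther's upstream defaults as assumed here, and the allow-list, host names and inventory records are constructed for illustration.

```python
# Added example (not from the ESET report): flag SoftEther VPN Bridge
# artefacts that sit outside approved install locations.
from collections import defaultdict
from pathlib import PureWindowsPath

# Files SoftEther keeps next to its executable. Assumed upstream default
# names; verify them against the build used in your environment.
ARTEFACTS = {"hamcore.se2", "vpn_bridge.config"}

# Hypothetical allow-list: directories where IT has approved SoftEther.
APPROVED_DIRS = {r"c:\program files\softether vpn bridge"}

# Constructed sample inventory: (host, full path), e.g. from an EDR export.
SAMPLE_INVENTORY = [
    ("ws-014", r"C:\Program Files\SoftEther VPN Bridge\vpnbridge_x64.exe"),
    ("ws-014", r"C:\Program Files\SoftEther VPN Bridge\hamcore.se2"),
    ("ws-014", r"C:\Program Files\SoftEther VPN Bridge\vpn_bridge.config"),
    ("srv-web02", r"C:\ProgramData\Intel\igfxsvc.exe"),
    ("srv-web02", r"C:\ProgramData\Intel\hamcore.se2"),
    ("srv-web02", r"C:\ProgramData\Intel\vpn_bridge.config"),
    ("srv-db01", r"C:\Windows\Temp\update.log"),
]


def find_unapproved_bridges(inventory, approved=APPROVED_DIRS):
    """Return one finding per (host, directory) holding SoftEther artefacts
    outside the approved directories."""
    by_dir = defaultdict(set)
    for host, raw_path in inventory:
        path = PureWindowsPath(raw_path)
        by_dir[(host, str(path.parent).lower())].add(path.name.lower())

    findings = []
    for (host, directory), names in sorted(by_dir.items()):
        hits = names & ARTEFACTS
        if not hits or directory in approved:
            continue
        findings.append({
            "host": host,
            "dir": directory,
            "artefacts": sorted(hits),
            # Executables beside the artefacts may be a renamed bridge binary.
            "executables": sorted(n for n in names if n.endswith(".exe")),
        })
    return findings


if __name__ == "__main__":
    for finding in find_unapproved_bridges(SAMPLE_INVENTORY):
        print(finding)
```

Matching on the companion files rather than the executable name keeps the check useful when the binary has been renamed.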