China-Linked Espionage Group 'Grayfly' Has Connection to SideWalk Malware, According to Cybersecurity Researchers

Photo caption: In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses his computer at their office in Dongguan, China's southern Guangdong province. As the number of online devices surges and super-fast 5G connections roll out, record numbers of companies are offering up to seven-figure rewards to ethical hackers who can successfully attack their cybersecurity systems. (NICOLAS ASFOURI/AFP via Getty Images)

Grayfly remains active, targeting MySQL and Exchange servers in the US, Mexico, Taiwan, and Vietnam.

Cybersecurity researchers have recently found that the SideWalk malware is linked to the Chinese hacking group.

ESET Shares Details About SideWalk

On Friday, Sept. 10, The Hacker News reported that ESET, a cybersecurity company based in Slovakia, had disclosed details about the SideWalk malware.

The firm said the implant was built to collect information, destroy several systems, and run plugins sent by the attacker.

The same firm, which identified the group it calls "SparklingGoblin," said that the actor behind the SideWalk campaign was responsible for the emergence of the Winnti malware, which is also known as APT41.

Symantec Researchers Reveal Latest Report About SideWalk

According to a Sept. 9 report from Symantec, its threat-hunting team found that "Grayfly," a notorious group of Chinese hackers, is connected to the SideWalk malware.

The China-based team of spies has been operating across the US, Taiwan, Vietnam, and Mexico.

The report added that the group has been targeting the telecommunications sector, as well as finance, IT, and media organizations.

Since 2017, Grayfly's activities have mainly consisted of hacking and espionage.

After exploiting the MySQL web servers, the attackers also spread the malware and install web shells to gather more data and maintain a stable remote connection.

Symantec also observed the Chinese hackers executing PowerShell commands on Microsoft Exchange Server. This paved the way for the SideWalk malware to be deployed, along with a credential-dumping tool similar to Mimikatz.

The researchers said that Grayfly is currently gearing up to build more tools capable of evading standard security defenses.

Even worse, the Chinese crew is expected to continue its exploitation operations, carrying out more attacks and compromising more systems.

China-Related Hacking Incidents

Last month, Russian federal executive authorities were alarmed by the sudden appearance of the Webdav-O virus.

When the Singaporean cybersecurity firm Group-IB studied how it behaves, it found that the Trojan came from China.

At that time, the researchers believed that the "TaskMasters" group was behind the malicious scheme. It is the same group that had previously installed the BlueTraveller malware.

In July, Microsoft discovered zero-day vulnerabilities in SolarWinds software. According to the tech giant, Chinese hackers were responsible for the attack.

Microsoft further explained that the attackers had been targeting the development sector and military research in the United States.

Later, the tech giant concluded that the group relies on VPNs and routers for its operations.

Microsoft assisted SolarWinds during the attack by releasing a list of potential indicators that infected systems might exhibit.

This article is owned by Tech Times

written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.