DOSarrest Vulnerability Testing and Optimization
Report: Chinese cyberspies targeted Western think tanks with spy tools, DDoS attacks in Q4

December 22, 2017

At least four Western think tanks and two non-government organizations were targeted in Chinese cyber espionage activities this past October and November, according to a new report from CrowdStrike. And in one unusual attack, the adversaries launched a distributed denial of service attack against one think tank after failing to compromise its web server.

In a Wednesday blog post, researchers from CrowdStrike’s Falcon Intelligence and OverWatch teams reported that these cyberspy operations specifically sought to intercept the communications of Westerners involved in Chinese economic policy research and the Chinese economy. Also targeted were experts in defense, international finance, U.S.-Sino relations, cyber governance, and democratic elections.

The system intrusions typically relied on the China Chopper webshell for reconnaissance and lateral movement, as well as credential harvester Mimikatz and various second-stage tools, the report added.

CrowdStrike notes that these recent attacks contrast sharply with observed Chinese cyber espionage activity in the preceding months, which focused more on the Southeast and East Asia regions. Previous Chinese attacks against think tanks were also less targeted, consisting largely of “smash and grab” operations designed to indiscriminately exfiltrate data, the report continues.

In a first for the company, CrowdStrike researchers also observed a China-based adversary engaging in a disruptive DDoS attack against an espionage target – a bizarre strategy that contradicts the actors’ typical m.o. of remaining clandestine.

In this specific case, an attacker attempted to compromise the web server of a think tank involved in an ongoing military research project, using spear phishing emails as the initial attack vector. When CrowdStrike managed to block repeated attempts at compromising the server with web shells and SQL injections, the attackers mysteriously launched a DDoS attack on the site.

“The purpose of the attack is unclear, as it did not appear to benefit the espionage objective,” the report states. “Given the timing and subsequent failures at gaining access to what is presumably a high-value target, this DDoS attack could have been done out of frustration.”

“China’s renewed interest in targeting Western think tanks and NGOs is hardly surprising given [Chinese] President Xi Jinping’s call to improve China’s think tanks, a response to myriad new strategic problems facing China as it seeks greater influence as a global player,” CrowdStrike concludes in its blog post. “The targeting of these six organizations may signal a more widespread and active campaign to collect sensitive material and enable future operations.”

Source: https://www.scmagazine.com/report-chinese-cyberspies-targeted-western-think-tanks-with-spy-tools-ddos-attacks-in-q4/article/720098/
