web analytics

Hackers Target Taiwan UAV, Military Industries – Source: www.databreachtoday.com

hackers-target-taiwan-uav,-military-industries-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime

Threat Actor Is Likely a Beijing Cyberespionage Operator

Prajeet Nair (@prajeetspeaks) •
September 9, 2024    

Hackers Target Taiwan UAV, Military Industries
A likely Chinese cyberespionage operation has been attacking Taiwan UAV manufacturers. (Image: Shutterstock)

A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China.

See Also: Webinar | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Trend Micro on Friday said it tracks the threat actor as “Tidrone.” Factors such as file complication times and its operational hours point to Tidrone “likely being carried out by an as-yet-unidentified Chinese-speaking threat group” for the purposes of espionage.

Tidrone attackers used remote desktop tools including the open-source remote administration utility UltraVNC to deploy custom malware, including Cxclnt and Clntend. The latter is a remote access tool TrendMicro first spotted in April. The malware gather sensitive information, bypass security controls and execute additional malicious payloads.

China claims Taiwan as part of its national territory and has taken steps to assert dominance over the Taiwanese Straight, especially under the tutelage of Chinese leader Xi Jinping. The top U.S. envoy to Taiwan on Wednesday vowed that the United States will “continue to maintain the capacity to resist any resort to force or other forms of coercion against Taiwan.” U.S. National Security Adviser Jake Sullivan met with Xi in late August and later told reporters he emphasized to Xi the “importance of maintaining peace and stability across the Taiwan Strait.”

Chinese aggression in cyberspace against Taiwan has included disinformation campaigns and espionage. A May 2020 ransomware attack against Taiwanese state-owned CPC Corp. – the island’s largest gasoline supplier – bore hallmarks of a state-sponsored attack. Security researchers more recently have traced a breach at a Taiwanese government-affiliated research institute to a Beijing hacking group commonly tracked as APT41. The U.S. Department of Justice indicted APT41 members in 2020 for deploying ransomware and other malware to attack more than 100 companies and governments around the globe.

TrendMicro warned that Tidrone isn’t just a worry for Taiwanese cyber defenders since “telemetry from VirusTotal indicates that the targeted countries are varied.”

Tidrone operators employ techniques such as bypassing User Account Control, dumping credentials and disabling antivirus software during post-exploitation to maintain persistence within compromised systems.

Analysis by researchers found that the infection chains point to a likely supply chain attack. The presence of ERP software in multiple victims’ environments suggests the malware could be distributed through this platform.

Cxclnt malware can upload and download files, clear system traces and collect victim data such as file listings and system information. It can also download and execute portable executable files.

Clntend is a more advanced remote access tool that supports multiple network protocols for covert communication with its command-and-control servers. The malware’s capabilities suggest it is used for long-term surveillance and data collection within targeted organizations.

Tridone employs anti-analysis techniques to evade detection, including checking the parent process of applications and hooking common APIs such as GetProcAddress to alter the malware’s execution flow.

Original Post url: https://www.databreachtoday.com/hackers-target-taiwan-uav-military-industries-a-26237

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report
Wallarm
API Security Checklist
API Security Checklist
DevSecOps Guide
ANSIBLE PLAYBOOKS
ANSIBLE PLAYBOOKS
Dr. Gemma GALDON CLAVELL
AI Auditing
AI Auditing
RAND
Securing Al Model Weights
Securing Al Model Weights
GDPR
CYBERSECURITY INCIDENT RESPONSE PLAN 1
CYBERSECURITY INCIDENT RESPONSE PLAN 1
KPMG
Cyber security guide for SMEs
Cyber security guide for SMEs

More Latest Published Posts

Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act – Control Mappings
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing
IGNITE Technologies
Disk Group Privilege Escalation
Disk Group Privilege Escalation
Hiral Patel
Data LossPrevention(DLP)
Data LossPrevention(DLP)
Polygon
Digital identity – Deutsche Bank Corporate Bank
Digital identity – Deutsche Bank Corporate Bank
CSA Cloud Security Alliance
The Six Pillars of DevSecOps:Collaboration andIntegration
The Six Pillars of DevSecOps:Collaboration andIntegration
ASPIRE SYSTEMS
A complete guide toImplementingDevSecOps in AWS
A complete guide toImplementingDevSecOps in AWS
GAO
CYBERSECURITY PROGRAM AUDIT GUIDE
CYBERSECURITY PROGRAM AUDIT GUIDE
Apress
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
PWC
Data Privacy Handbook
Data Privacy Handbook
CERT-EU
DDoS Overview and Response Guide
DDoS Overview and Response Guide
IGNITE Technologies
Data Exfiltration Cheat Sheet
Data Exfiltration Cheat Sheet
CRC Press
Data Privacy for the Smart Grid
Data Privacy for the Smart Grid
New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration and Integration
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data
OPSWAP
Securing ICS SCADA updates OT Environments
Securing ICS SCADA updates OT Environments
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries