Thursday, April 9, 20:22
Chinese hackers use Cisco, Citrix, Zoho Exploits and attack!

According to FireEye, Chinese hackers are behind a series of recent attacks that use Zoho, Citrix and Cisco exploits to target appliances used by various companies worldwide. The researchers attribute the attacks to the state-sponsored hacking group APT41. Most of the attacks are targeted.

The campaign began in January 2020 and likely targets businesses currently occupied with organizing the work of employees who are now working remotely because of COVID-19.

Similar attacks have been going on for years

As FireEye notes, the recent APT41 campaign is one of the most widespread espionage operations that Chinese hackers have carried out in recent years.

“From January 20 to March 11, FireEye followed APT41's effort to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central,” the company's report says.

APT41 is one of the most successful Chinese hacking groups. It is believed to be associated with the Chinese government. It has been active since at least 2012 and is known for espionage and for attacks targeting large industries as well as ordinary users.

Chinese hackers usually start with spear-phishing emails to penetrate the target's network and then use malware payloads to compromise the whole environment.

Citrix exploits

In this recent campaign, Chinese hackers are attacking companies in various sectors: banking and finance, government services, technology, oil and gas, telecommunications, healthcare, media and construction.

As noted above, Chinese hackers mainly carry out targeted attacks. The target companies are located in many countries (the USA, the United Kingdom, France, Italy, Japan, Saudi Arabia, Switzerland and others).

“It's not clear if APT41 scanned the Internet and attempted mass exploitation or if they chose a subset of specific organizations to target. However, they appear to be targeted attacks,” FireEye researchers added.

Chinese hackers took advantage of the vulnerability CVE-2019-19781, which affects Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers.

Activity fluctuated during these attacks: the Chinese hackers were either very active or stopped their activities completely.

As FireEye discovered, the breaks coincide with Chinese holidays and with the quarantine measures taken by the Chinese government in response to the COVID-19 pandemic.

“This decrease in activity is likely to be related to COVID-19 quarantine measures in China. However, Chinese hackers may have remained active in other ways that we could not observe,” the researchers said.

Zoho and Cisco exploits

On February 21, Chinese hackers hacked a Cisco RV320 router belonging to a telecommunications organization, but FireEye researchers could not determine which Cisco exploits the hackers used in the attack.

“It is not known which exploits were used, but there is a Metasploit module combining two vulnerabilities (CVE-2019-1653 and CVE-2019-1652), which allow remote code execution on the routers,” FireEye said.

APT41 then took advantage of the zero-day vulnerability CVE-2020-10189 in Zoho ManageEngine, which allows attackers to execute code as SYSTEM/root on unpatched systems.

Since March 8, the day after Zoho released the fix for CVE-2020-10189, Chinese hackers have attacked FireEye clients and managed to breach the systems of at least five of them.

The hackers then installed a trial version of the Cobalt Strike BEACON loader and installed another backdoor used to download a VMProtect-protected Meterpreter downloader.

This is not the first time APT41 has used public exploits to target vulnerable systems.

“This new activity from this team shows how quickly recently published vulnerabilities can be exploited.”

Absent Mia