Wednesday, January 20, 18:08

The APT15 hacking team is linked to the Chinese government

In a report released today, cyber security company Lookout said it had found evidence linking Android malware used to spy on minorities in China to a large contractor working on various government projects in the Chinese city of Xi'an. The Lookout report describes a hacking campaign that for years has targeted mainly the ethnic Uighur minority living in western China, but also the Tibetan community, to a lesser extent.


The campaign infects people in these communities with malware, allowing government hackers to monitor the activities of minority communities in China's border areas, as well as those living abroad in at least 14 other countries.

"The activity of these surveillance campaigns has been observed since 2013," said Lookout researchers.

The company attributed this covert monitoring to a hacking team that it believes is acting on behalf of the Chinese government.

Some of the group's previous hacking actions have been documented by other cybersecurity companies, and the group is already known in industry circles with different code names, such as APT15, GREF, Ke3chang, Mirage, Vixen Panda and Playful Dragon.

The vast majority of previous APT15 attacks involved malware designed to infect Windows desktops, but Lookout said the team has also developed an Android hacking toolkit.

Already known tools from that toolkit include the malware families identified as HenBox, PluginPhantom, Spywaller and DarthPusher. In addition, Lookout said it has discovered four new ones, named SilkBean, DoubleAgent, CarbonSteal and GoldenEagle.

Lookout said it links these new Android malware families unambiguously to APT15's earlier Android tools because of shared infrastructure and the use of the same digital certificates to sign various samples.
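The two pivots named above, a shared signing certificate and shared command-and-control infrastructure, are what an analyst uses to group samples into one cluster. The example below is an added illustration and is not Lookout's code; every hash, certificate fingerprint, family label and hostname in it is a constructed placeholder, not an indicator from the report. Samples are joined whenever they share either pivot, and connected components of that graph are the clusters, so two samples with no direct link in common can still land in the same cluster through an intermediate sample.

```python
"""Cluster malware samples by shared signing certificate and shared C2 hosts.

All sample data below is constructed for illustration (placeholder hashes,
certificate fingerprints and hostnames); none of it comes from the report.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed inventory: sample sha256 -> (family label, signer cert sha256, C2 hosts).
SAMPLES: Dict[str, Tuple[str, str, List[str]]] = {
    "sha256-0001": ("HenBox",        "cert-A", ["c2-alpha.example", "c2-beta.example"]),
    "sha256-0002": ("PluginPhantom", "cert-A", ["c2-gamma.example"]),
    "sha256-0003": ("SilkBean",      "cert-B", ["c2-beta.example"]),
    "sha256-0004": ("GoldenEagle",   "cert-C", ["c2-delta.example"]),
    "sha256-0005": ("CarbonSteal",   "cert-C", ["c2-gamma.example"]),
    "sha256-0006": ("Unrelated",     "cert-Z", ["cdn-unrelated.example"]),
}


class UnionFind:
    """Minimal disjoint-set structure used to merge samples that share a pivot."""

    def __init__(self, items):
        self.parent = {item: item for item in items}

    def find(self, item):
        # Path compression keeps repeated lookups cheap.
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]
            item = self.parent[item]
        return item

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_samples(samples: Dict[str, Tuple[str, str, List[str]]]) -> List[Set[str]]:
    """Return clusters of sample hashes, largest first, joined by shared cert or host."""
    uf = UnionFind(samples.keys())
    by_cert: Dict[str, List[str]] = defaultdict(list)
    by_host: Dict[str, List[str]] = defaultdict(list)
    for sha, (_, cert, hosts) in samples.items():
        by_cert[cert].append(sha)
        for host in hosts:
            by_host[host].append(sha)
    # Every sample in a pivot group is merged with the first member of that group.
    for group in list(by_cert.values()) + list(by_host.values()):
        for other in group[1:]:
            uf.union(group[0], other)
    clusters: Dict[str, Set[str]] = defaultdict(set)
    for sha in samples:
        clusters[uf.find(sha)].add(sha)
    return sorted(clusters.values(), key=lambda s: (-len(s), min(s)))


def explain_link(samples, a: str, b: str) -> List[str]:
    """List the direct pivots (cert or host) that two samples have in common."""
    _, cert_a, hosts_a = samples[a]
    _, cert_b, hosts_b = samples[b]
    reasons = []
    if cert_a == cert_b:
        reasons.append(f"cert:{cert_a}")
    reasons.extend(f"host:{h}" for h in sorted(set(hosts_a) & set(hosts_b)))
    return reasons


def families_in_cluster(samples, cluster: Set[str]) -> List[str]:
    """Sorted family labels represented in one cluster."""
    return sorted({samples[sha][0] for sha in cluster})


if __name__ == "__main__":
    for cluster in cluster_samples(SAMPLES):
        print(len(cluster), "samples:", families_in_cluster(SAMPLES, cluster))
```

In the constructed data, the HenBox and SilkBean placeholders are tied only by one shared host, and GoldenEagle reaches the rest only through CarbonSteal's certificate, so the five samples form one cluster while the unrelated sample stays alone. Real pivoting on a code-signing certificate should use the certificate's full fingerprint rather than a subject name, since subject fields are trivially copied.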

To distribute the malware, Lookout said, APT15 did not upload the applications to the Google Play Store but instead used a technique known as a "watering hole" attack, in which the attackers compromise legitimate websites and inject malicious code into them. That code redirects visitors to websites, forums, app stores and other pages where they are prompted to download and install applications infected with the APT15 malware.

Lookout also said that in the early stages of its investigation into the new APT15 malware, its researchers found a command-and-control server for the GoldenEagle spyware that had been left unprotected.

The researchers said they gained access to the server and collected information about both the victims and the operators managing the malware.

Looking at the log files, Lookout said it found data from the first devices ever infected with GoldenEagle. When Lookout looked up the coordinates reported by these devices, it found that most of them clustered around a single location.

Lookout said the GPS coordinates came from a building that houses the offices of Xi'an Tianhe Defense Technology, a major contractor in Xi'an, central China.
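The analysis described above amounts to reading device check-ins from a server log, taking each device's last reported position, binning positions into coarse cells and asking whether one cell dominates. The following is an added example, not Lookout's code or data: the log format, device ids and coordinates are all constructed placeholders (the coordinates deliberately point nowhere in particular), and the parser simply skips lines that do not match the expected shape, as real logs routinely contain.

```python
"""Find the dominant reporting location among infected devices in a C2 log.

The log lines, device ids and coordinates below are constructed placeholders
for illustration; they are not from the report and point to no real place.
"""
import math
import re
from typing import Dict, List, NamedTuple, Tuple


class CheckIn(NamedTuple):
    ts: str
    device: str
    lat: float
    lon: float


# Constructed log excerpt in an assumed "key=value" format (one malformed line included).
GOLDENEAGLE_LOG = """\
2019-05-01T08:12:03Z dev=D001 lat=10.0012 lon=20.0034
2019-05-01T09:47:51Z dev=D001 lat=10.0015 lon=20.0031
2019-05-01T08:14:11Z dev=D002 lat=10.0021 lon=20.0029
2019-05-01T08:20:45Z dev=D003 lat=10.0044 lon=20.0061
2019-05-01T08:33:09Z dev=D004 lat=10.0037 lon=20.0042
2019-05-01T08:41:27Z dev=D005 lat=10.0050 lon=20.0058
2019-05-02T10:02:13Z dev=D006 lat=10.4031 lon=20.3017
2019-05-02T11:15:40Z dev=D007 lat=11.0100 lon=21.0200
2019-05-02T12:00:00Z dev=D008 lat=NaN lon=
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+dev=(?P<dev>\S+)\s+lat=(?P<lat>-?\d+\.\d+)\s+lon=(?P<lon>-?\d+\.\d+)$"
)


def parse_checkins(log_text: str) -> List[CheckIn]:
    """Parse well-formed check-in lines; malformed lines are skipped, not fatal."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        out.append(CheckIn(m["ts"], m["dev"], float(m["lat"]), float(m["lon"])))
    return out


def last_position_per_device(checkins: List[CheckIn]) -> Dict[str, Tuple[float, float]]:
    """Keep each device's latest position so chatty devices are not over-counted."""
    latest: Dict[str, CheckIn] = {}
    for c in checkins:
        if c.device not in latest or c.ts > latest[c.device].ts:
            latest[c.device] = c
    return {dev: (c.lat, c.lon) for dev, c in latest.items()}


def dominant_location(log_text: str, cell_deg: float = 0.01) -> dict:
    """Bin devices into cell_deg-sized cells (0.01 deg is roughly 1 km of latitude)
    and report the cell holding the most distinct devices."""
    positions = last_position_per_device(parse_checkins(log_text))
    cells: Dict[Tuple[int, int], List[Tuple[float, float]]] = {}
    for lat, lon in positions.values():
        key = (math.floor(lat / cell_deg), math.floor(lon / cell_deg))
        cells.setdefault(key, []).append((lat, lon))
    if not cells:
        return {"devices": 0, "total_devices": 0, "share": 0.0, "cell": None, "centroid": None}
    key, members = max(cells.items(), key=lambda kv: len(kv[1]))
    centroid = (
        sum(p[0] for p in members) / len(members),
        sum(p[1] for p in members) / len(members),
    )
    return {
        "cell": key,
        "devices": len(members),
        "total_devices": len(positions),
        "share": len(members) / len(positions),
        "centroid": centroid,
    }


if __name__ == "__main__":
    print(dominant_location(GOLDENEAGLE_LOG))
```

With the constructed data, five of the seven distinct devices fall into one cell even though one of them reported twice, which is the kind of signal that then needs a manual look at what occupies that spot; the cell size is a tunable assumption, and the centroid is only meaningful once the cell is confirmed to be a single site rather than a dense neighbourhood.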

That Lookout has linked an APT15 malware sample to a Chinese contractor is not a new pattern. Between 2017 and 2019, four other Chinese state hacking teams were linked to contractors hired by Chinese intelligence services operating out of various regional offices.

Teo Ehc