Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations.

A notorious Chinese cyberespionage group has been spotted targeting a data loss prevention (DLP) company that serves military and other government organizations.

Cybersecurity firm ESET analyzed the attack, which it managed to trace back to March 2021. Over the course of more than a year, the hackers conducted activities within the network of the targeted organization.

The victim is a DLP software development company located in an unnamed East Asian country. ESET’s report does mention possible links to a different attack aimed at South Korean companies and individuals, but it’s unclear if the DLP firm is from the same country. 

Tick, also known as Bronze Butler and RedBaldKnight, has been around since at least 2006, mainly targeting entities in the APAC region with the goal of stealing intellectual property and classified information. The hackers have been known to use sophisticated methods — including zero-day vulnerabilities — in their attacks.

ESET has attributed the attack on the DLP company to Tick with high confidence, primarily based on the use of malware that is unique to this APT.

The attackers deployed three pieces of malware during this operation, including a new downloader named ShadowPy.

One interesting aspect of the attack observed by ESET is the fact that the hackers compromised update servers and tools used by the victim, but they apparently leveraged them to spread laterally within the company’s environment rather than for conducting a supply chain attack targeting its customers.

ESET did identify two customers who had received trojanized installers developed by the attackers, but researchers believe these malicious installers were transferred to the customers by mistake by the DLP firm’s employees during tech support activities rather than being distributed by the attackers. 

Advertisement. Scroll to continue reading.

“Using ESET telemetry, we didn’t identify any customers of the DLP company who had received any malicious files through the software developed by that company,” ESET said.

Related: Custom Chinese Malware Found on SonicWall Appliance

Related: EU Organizations Warned of Chinese APT Attacks

Related: Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.