Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations.

A notorious Chinese cyberespionage group has been spotted targeting a data loss prevention (DLP) company that serves military and other government organizations.

Cybersecurity firm ESET analyzed the attack, which it managed to trace back to March 2021. Over the course of more than a year, the hackers conducted activities within the network of the targeted organization.

The victim is a DLP software development company located in an unnamed East Asian country. ESET’s report does mention possible links to a different attack aimed at South Korean companies and individuals, but it’s unclear if the DLP firm is from the same country. 

Tick, also known as Bronze Butler and RedBaldKnight, has been around since at least 2006, mainly targeting entities in the APAC region with the goal of stealing intellectual property and classified information. The hackers have been known to use sophisticated methods — including zero-day vulnerabilities — in their attacks.

ESET has attributed the attack on the DLP company to Tick with high confidence, primarily based on the use of malware that is unique to this APT.

The attackers deployed three pieces of malware during this operation, including a new downloader named ShadowPy.

Advertisement. Scroll to continue reading.

One interesting aspect of the attack observed by ESET is the fact that the hackers compromised update servers and tools used by the victim, but they apparently leveraged them to spread laterally within the company’s environment rather than for conducting a supply chain attack targeting its customers.

ESET did identify two customers who had received trojanized installers developed by the attackers, but researchers believe these malicious installers were transferred to the customers by mistake by the DLP firm’s employees during tech support activities rather than being distributed by the attackers. 

“Using ESET telemetry, we didn’t identify any customers of the DLP company who had received any malicious files through the software developed by that company,” ESET said.

Related: Custom Chinese Malware Found on SonicWall Appliance

Related: EU Organizations Warned of Chinese APT Attacks

Related: Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.