Chinese hackers cyber-attack Mongolia with a digital Coronavirus malware


A team of researchers from Check Point has discovered that the Mongolian public sector was hit by a digital Coronavirus scare when hackers from a Chinese APT tried to deliver a malware implant into the target's IT infrastructure.

Security researchers say that the hackers are trying to capitalize on the Covid-19 scare by delivering malware-laden documents disguised as media updates to developing nations in Africa and Asia.

Over the years, similar attacks have been recorded against different sectors in countries like Russia, Ukraine, and Belarus.

Technically speaking, the Chinese APT hackers are seen distributing documents written in the Mongolian language, one of which purports to be from the Mongolian Ministry of Foreign Affairs. These documents are weaponized with a tool named RoyalRoad, which lets the attackers exploit the Equation Editor vulnerabilities in Microsoft Word.
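A defender-side check for the kind of weaponized RTF document described above, added here as an example and not code from the Check Point research: it scans an RTF blob for an embedded Equation Editor OLE object, the component those documents abuse. The "Equation.3" ProgID and the RTF control words are well-known values rather than anything from the article; the sample document is constructed.

```python
import re
from typing import List

# "Equation.3" is the ProgID Microsoft Equation Editor registers as an OLE
# server (well-known value, not taken from the article). All matching is done
# on lower-cased data so case tricks in a document do not matter.
EQUATION_PROGID = b"equation.3"
# \objclass names the class of an embedded object; \objdata carries the
# object itself as a run of hex digits (whitespace is allowed inside it).
OBJCLASS_RE = re.compile(rb"\\objclass\s*([a-z0-9.]+)")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-f\s]+)")


def _decode_objdata(hex_text: bytes) -> bytes:
    """Turn the whitespace-padded hex of an \\objdata group into raw bytes."""
    compact = re.sub(rb"\s+", b"", hex_text)
    compact = compact[: len(compact) - (len(compact) % 2)]  # drop a dangling nibble
    try:
        return bytes.fromhex(compact.decode("ascii"))
    except ValueError:
        return b""


def scan_rtf(rtf: bytes) -> List[str]:
    """Return findings for an RTF blob; an empty list means nothing was flagged."""
    data = rtf.lower()
    findings = []
    if not data.startswith(b"{\\rtf1"):
        findings.append("header is not '{\\rtf1': truncated or obfuscated RTF header")
    for m in OBJCLASS_RE.finditer(data):
        if m.group(1).startswith(b"equation"):
            findings.append("\\objclass %s: embedded Equation Editor object" % m.group(1).decode())
    for m in OBJDATA_RE.finditer(data):
        # Builders that omit \objclass still leave the ProgID inside the OLE
        # data, so decode the hex and look for it there as well.
        if EQUATION_PROGID in _decode_objdata(m.group(1)).lower():
            findings.append("\\objdata contains the Equation.3 ProgID")
    if b"\\objupdate" in data:
        findings.append("\\objupdate: object is loaded as soon as the document opens")
    return findings


# Constructed sample (not a real malicious file): a minimal RTF with an
# Equation.3 object whose \objdata hex spells out "Equation.3".
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb\\objupdate{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 01050000020000000b000000 4571756174696f6e2e33 00}}}"
)
```

Running `scan_rtf(SAMPLE_RTF)` yields three findings (the class name, the ProgID inside the object data, and the auto-update flag); a document with a different object class yields none.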

Researchers say that the threat actors keep the C&C server online only in a limited window of a few minutes, making it difficult for security teams to trace the infection chain.

A detailed analysis related to this campaign is available on the official research blog of Check Point.

The actual objective of the Chinese APT is still a mystery, but Check Point says that the campaign is targeting a variety of governments and organizations globally.

Note 1- Countries like the UK and the United States are already alleging that China started a bio war by developing the Coronavirus in labs in Wuhan. And now multiple law enforcement agencies from the West claim that the APT group behind the current cyber-attack campaign is funded by China's military intelligence.

Note 2- APT stands for Advanced Persistent Threat, the name for a state-sponsored cyber threat actor that gains unauthorized access to an adversary's computer network for an extended period. The aim is to steal from, spy on or disrupt a computer network for political or economic gain.