Chinese RedGolf hackers use KeyPlug backdoor in their latest attacks

    The state-sponsored group targets Windows and Linux systems.

    The Chinese state-sponsored threat group tracked as RedGolf has been observed using a custom backdoor, "KeyPlug", built for both Windows and Linux systems.

    “RedGolf is a particularly active Chinese state-sponsored malicious group that has likely been operating against a wide range of industries around the world for many years. RedGolf has demonstrated the ability to quickly exploit newly identified vulnerabilities (e.g. Log4Shell and ProxyLogon). The group also has experience in the development and use of a large number of custom malware families,” Recorded Future said.

    The use of KeyPlug by Chinese attackers was first exposed by Mandiant in March 2022, in attacks targeting US government networks. Then, in October 2022, Malwarebytes detailed a series of attacks on government agencies in Sri Lanka; those attacks used a new implant, "DBoxAgent", to deploy KeyPlug.

    Both malware campaigns were subsequently attributed to the Winnti group (also known as APT41, Barium, Bronze Atlas or Wicked Panda). According to Recorded Future, Winnti has "close overlap" with the RedGolf intruders.

    “We didn't see much victimization in RedGolf's latest activity. However, we believe that these activities are likely to be carried out for exploration purposes, and not for financial gain,” the Recorded Future publication says.

    In addition to KeyPlug, Recorded Future noted RedGolf's use of the GhostWolf operational infrastructure, as well as the Cobalt Strike and PlugX tools. The GhostWolf infrastructure consists of 42 IP addresses that serve as C2 servers for KeyPlug. The group has also been seen using a mixture of traditionally registered domains and dynamic DNS domains, often with technology themes, as points of contact for Cobalt Strike and PlugX.

    “RedGolf continues to demonstrate a high rate of activity and quickly exploit vulnerabilities in external corporate devices (VPNs, firewalls, mail servers, etc.) to gain initial access to targeted networks. In addition, the group is likely to continue introducing new user-generated malware families in the future, expanding its arsenal,” Recorded Future said in a statement.

    To protect against RedGolf attacks, organizations are encouraged to apply patches regularly, monitor access to externally facing network devices, monitor for and block the identified command-and-control infrastructure, and configure intrusion detection or prevention systems to alert on the malware families described here.
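    As an added illustration of the "monitor and block identified C2 infrastructure" recommendation (this is editorial example code, not from the article or from Recorded Future), the script below scans constructed outbound-connection log lines against a placeholder indicator list. The log format, the IP ranges (RFC 5737 documentation addresses), the C2 entries and the dynamic DNS suffixes are all invented for the example; the real GhostWolf addresses are not reproduced here and would come from the vendor's indicator feed.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed outbound-connection log lines in a firewall/proxy style (not real data).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z src=10.0.5.12 dst=203.0.113.40 dport=443 host=-",
    "2024-03-01T10:00:05Z src=10.0.5.12 dst=198.51.100.7 dport=443 host=updates.example.com",
    "2024-03-01T10:00:09Z src=10.0.5.30 dst=192.0.2.77 dport=8443 host=node-sync.ddns-placeholder.net",
    "2024-03-01T10:00:12Z src=10.0.5.30 dst=198.51.100.9 dport=80 host=www.example.org",
    "2024-03-01T10:00:15Z src=10.0.5.44 dst=203.0.113.100 dport=443 host=-",
]

# Placeholder indicators standing in for a vendor-supplied C2 list (assumed values).
C2_IPS = {"203.0.113.40"}
C2_NETWORKS = (ipaddress.ip_network("203.0.113.96/28"),)
C2_DOMAINS = {"cdn-sync.example-c2.invalid"}
# Constructed dynamic DNS suffixes to flag for analyst review rather than block outright.
DYNAMIC_DNS_SUFFIXES = (".ddns-placeholder.net", ".dyn-placeholder.org")

Finding = namedtuple("Finding", "timestamp src dst host reason")

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) host=(?P<host>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def in_c2_range(dst):
    """True if dst is an IP address inside one of the listed C2 network ranges."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return any(addr in net for net in C2_NETWORKS)


def classify(rec):
    """Return a reason string if the record matches an indicator, else None."""
    dst, host = rec["dst"], rec["host"].lower()
    if dst in C2_IPS:
        return "known C2 IP"
    if in_c2_range(dst):
        return "known C2 range"
    if host != "-" and host in C2_DOMAINS:
        return "known C2 domain"
    if host != "-" and host.endswith(DYNAMIC_DNS_SUFFIXES):
        return "dynamic DNS host (review)"
    return None


def scan(lines):
    """Run every parseable line through classify() and collect the matches."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than failing the whole scan
        reason = classify(rec)
        if reason:
            findings.append(Finding(rec["ts"], rec["src"], rec["dst"], rec["host"], reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f.timestamp} {f.src} -> {f.dst} ({f.host}): {f.reason}")
```

    Exact IP and domain matches are treated as firm hits, while dynamic DNS hosts are only flagged for review, since such domains are also used legitimately; the same structure works for a feed loaded from a file in place of the inline placeholders.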

    Author DeepWeb