    Mandiant reveals how China is using USB devices for spying


    This campaign showed how China is using cyberspace to its advantage.

    A China-linked group has been carrying out a series of espionage attacks in the Philippines using USB devices as the initial infection vector, according to a new report by Mandiant.

    Mandiant tracks this threat cluster under its uncategorized designation UNC4191. Based on an analysis of artifacts used in the intrusions, the campaign took place in September 2021.

    The attacks affected a number of public and private sector organizations, primarily in Southeast Asia, but also in the United States, Europe and the Asia-Pacific region. However, even when the targeted organizations were based elsewhere, certain systems targeted by UNC4191 were physically located in the Philippines.

    According to experts, the attacks have led to the deployment of new families of malware called MISTCLOAK, DARKDEW, BLUEHAZE, as well as Ncat, a command-line network utility that is used to create a reverse shell on the victim's system.

    When a user plugs a compromised USB device into a computer, MISTCLOAK is activated and acts as a launchpad for the encrypted DARKDEW payload. DARKDEW, in turn, infects removable drives, which lets it spread to additional systems and collect data from air-gapped systems.

    In addition, DARKDEW is designed to run an executable (“DateCheck.exe”), a renamed version of the legitimate “Razer Chromium Render Process” application, which deploys the BLUEHAZE malware. BLUEHAZE launches a copy of Ncat to create a reverse shell to a hard-coded command and control (C&C) server address.
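
    The chain described above leaves three things a defender can look for in process-creation telemetry: execution from removable media, a binary whose file name differs from the name in its version resource, and Ncat running under any name. The sketch below is an added example, not code from Mandiant or from this article; the events, hosts, paths, the removable drive letter and the OriginalFileName placeholder are constructed assumptions.

```python
import ntpath  # parses Windows paths on any OS

# Assumption: drive letters known (e.g. from asset inventory) to be removable media.
REMOVABLE_DRIVES = {"E:"}

# Constructed process-creation events with Sysmon Event ID 1 style fields.
# Hosts, paths and the OriginalFileName placeholder are invented for illustration.
EVENTS = [
    {"host": "ws1", "Image": r"E:\autorun\setup.exe", "OriginalFileName": "setup.exe"},
    {"host": "ws1", "Image": r"C:\ProgramData\DateCheck.exe",
     "OriginalFileName": "PLACEHOLDER_ORIGINAL_NAME.exe",
     "Description": "Razer Chromium Render Process"},
    {"host": "ws1", "Image": r"C:\ProgramData\copy.exe", "OriginalFileName": "ncat.exe"},
    {"host": "ws2", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
    {"host": "ws3", "Image": r"E:\tools\viewer.exe", "OriginalFileName": "viewer.exe"},
]

def findings(event):
    """Return the signal names raised by one process-creation event."""
    image = event["Image"]
    name = ntpath.basename(image).lower()
    original = event.get("OriginalFileName", "").lower()
    hits = []
    if ntpath.splitdrive(image)[0].upper() in REMOVABLE_DRIVES:
        hits.append("exec_from_removable")
    if original and original != name:
        hits.append("renamed_binary")  # e.g. a legitimate app renamed DateCheck.exe
    if "ncat.exe" in (name, original):
        hits.append("ncat")  # catches renamed copies via the version resource
    return hits

def triage(events):
    """Escalate hosts with removable-media execution plus a renamed-binary or Ncat signal."""
    per_host = {}
    for ev in events:
        for hit in findings(ev):
            per_host.setdefault(ev["host"], []).append((hit, ntpath.basename(ev["Image"])))
    return {
        host: hits for host, hits in per_host.items()
        if any(kind == "exec_from_removable" for kind, _ in hits)
        and any(kind in ("renamed_binary", "ncat") for kind, _ in hits)
    }

if __name__ == "__main__":
    for host, hits in triage(EVENTS).items():
        print(host, hits)
```

    Requiring two signals per host keeps a portable tool run from a USB stick (ws3 in the sample) from raising an alert on its own.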

    The researchers believe that this campaign demonstrates China's actions to gain and maintain access to public and private organizations in order to collect intelligence related to the country's political and commercial interests.

    Author DeepWeb