China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

About:

A hacking group linked to China has been accused of running a three-year cyber campaign against organizations in 17 countries, including the United States and countries across Europe and Asia. The group, tracked as TAG-22 (Threat Activity Group 22), is believed to be operating on behalf of the Chinese government.

 

What Happened?

To compromise their victims, the hackers used several techniques: spear phishing, watering-hole attacks, and exploitation of known vulnerabilities. They also deployed a range of malware, including trojans, ransomware, and backdoors.

Governments, think tanks, universities, and corporations were among the many organizations targeted. The group is suspected of stealing sensitive material, including government secrets, personal information, and intellectual property.

The campaign was first identified by the cybersecurity company Recorded Future. According to Recorded Future, the hackers used several techniques to avoid detection, including infrastructure and malware unique to the group.

 

How Did It Happen?

The US government has accused China of orchestrating the campaign. According to a statement from the US Cybersecurity and Infrastructure Security Agency (CISA), the hackers were “likely acting on behalf of the Chinese government” and were “targeting a wide range of organizations in the United States and around the world.”

The Chinese government has denied any involvement in the campaign.

The campaign is a reminder of the growing threat posed by state-sponsored hacking. State-sponsored groups are typically well funded and highly skilled, which makes them a serious threat to organizations worldwide.

The China-linked hackers used a variety of techniques against their victims, including the following:

  • Spear phishing: a targeted form of phishing in which the attackers send emails crafted for a specific person or organization. The emails are made to look as though they come from a trusted organization, such as a bank or a government body; a sender domain that is a near-miss of the real organization's domain is a common tell.
  • Watering-hole attacks: the attackers compromise a website that their intended victims are known to visit and inject malicious code into it. When the victims browse to the site, the code is delivered to their computers without their knowledge.
  • Exploiting known vulnerabilities: the attackers also used publicly known weaknesses in software and hardware to gain access to victims' systems, which is why unpatched, internet-facing systems are the first place to look.
  • Deploying malware: the group's toolset included backdoors, trojans, and ransomware. A backdoor gives the attackers direct, persistent access to a compromised system; a trojan poses as legitimate software and can be used to steal data or install further tools; ransomware encrypts the victim's data and demands payment to restore it.
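The spear-phishing tell described above, sender addresses dressed up to look like a trusted organization, can be checked mechanically at the mail gateway. The following script is an added example and is not code from the original article or from any of the organizations it mentions; the trusted-organization table and the sample `From:` headers are constructed assumptions for the demonstration. It flags a message when the display name claims a trusted organization but the sender domain is not one that organization actually uses, distinguishing lookalike domains (typo-squats, or the real name embedded in a longer domain) from plainly unrelated ones.

```python
"""Check From: headers for spear-phishing impersonation of trusted organizations.

Added example, not code from the original article. The organization table
and the sample headers are constructed assumptions, not real data.
"""
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Assumption: trusted organizations and the domains they legitimately send from.
TRUSTED_ORGS = {
    "example bank": {"examplebank.com"},
    "tax agency": {"tax.gov.example"},
}

# Constructed sample From: headers (not real messages).
SAMPLE_FROM_HEADERS = [
    "Example Bank Security <alerts@examplebank.com>",
    "Example Bank Security <alerts@notify.examplebank.com>",
    "Example Bank Security <alerts@examplebank-secure.com>",
    "Tax Agency <refunds@tax.gov.examp1e>",
    "Tax Agency <refunds@free-hosting.example>",
    "Alice Example <alice@partner.example>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings; 1 or 2 suggests a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def claimed_org(display_name: str) -> Optional[str]:
    """Return the trusted organization the display name claims to be, if any."""
    name = display_name.lower()
    for org in TRUSTED_ORGS:
        if org in name:
            return org
    return None


def classify_sender(from_header: str) -> Tuple[str, str]:
    """Classify one From: header as 'ok', 'lookalike' or 'impersonation'."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    org = claimed_org(display)
    if org is None:
        return "ok", "display name claims no trusted organization"
    legit = TRUSTED_ORGS[org]
    # An exact match or a subdomain of a legitimate domain is fine.
    if domain in legit or any(domain.endswith("." + d) for d in legit):
        return "ok", f"{domain} belongs to {org}"
    # Near-misses: a typo-squat (small edit distance) or the organization's
    # real label embedded in a longer registered domain (examplebank-secure.com).
    for d in legit:
        label = d.split(".")[0]
        if edit_distance(domain, d) <= 2 or (len(label) >= 5 and label in domain):
            return "lookalike", f"{domain} resembles {d} but is not it"
    return "impersonation", f"{domain} is unrelated to {org}"


def scan_headers(headers: List[str]) -> List[Tuple[str, str, str]]:
    """Return (header, verdict, reason) for every header that is not 'ok'."""
    flagged = []
    for header in headers:
        verdict, reason = classify_sender(header)
        if verdict != "ok":
            flagged.append((header, verdict, reason))
    return flagged


if __name__ == "__main__":
    for header, verdict, reason in scan_headers(SAMPLE_FROM_HEADERS):
        print(f"{verdict:13} {header}  ({reason})")
```

Run against the constructed sample, three of the six headers are flagged: the hyphenated lookalike, the typo-squat with a digit `1` in place of `l`, and the free-hosting domain that has nothing to do with the claimed agency. The subdomain case is deliberately accepted; in a real deployment the legitimate-domain table should come from the organization's own sending domains (or DMARC-verified ones), since a display-name match alone proves nothing either way.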

The three-year campaign by the China-linked hackers, which targeted organizations in 17 nations including the US and countries in Europe and Asia, had several harmful effects on its victims.

They stole confidential data. The hackers are believed to have stolen sensitive material, including government secrets, personal information, and intellectual property. The Chinese government could use such information for espionage, to extort individuals or businesses, or to gain a competitive edge.

They disrupted operations. The hackers are also reported to have disrupted victims' operations by shutting down systems, deleting data, and conducting denial-of-service attacks. Disruption of this kind can cause organizations significant financial loss as well as reputational harm.

They caused fear and uncertainty. The victims were left anxious and apprehensive. Targeted organizations were reluctant to disclose details of the incident, possibly out of concern about further attacks, which hinders open communication and collaboration between victims.

Although the details of the campaign are still under investigation, it was clearly a large-scale operation with wide-ranging effects. The attackers were highly skilled and well resourced, and they were able to target a wide variety of organizations.

 

Remediations:

  • Use strong passwords and multi-factor authentication: strong, unique passwords and MFA make it harder for attackers to gain access with stolen credentials; phishing-resistant MFA (hardware security keys or passkeys) is the most effective against spear phishing, since a one-time code can still be relayed by the attacker.
  • Keep your software up to date: software updates often include security patches for known vulnerabilities of exactly the kind this campaign exploited; prioritize internet-facing systems.
  • Run a security awareness training program: training helps employees recognize and report phishing emails and other common attacks, and a simple reporting path is as important as the training itself.
  • Monitor your network for suspicious activity: a network monitoring solution helps you detect and respond to malicious activity; in particular, watch for regular outbound connections to unfamiliar hosts, which is how backdoors poll their command-and-control servers.
  • Have an incident-response plan in place: a plan that is written down and rehearsed lets you contain an attack quickly and minimize the damage.
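The network-monitoring recommendation above is easiest to act on when it is turned into a concrete check. The script below is an added example, not code from the original article or from any product it mentions: it groups web proxy log lines by client and destination host and flags pairs whose request timing is too regular for a person browsing, which is the signature of a backdoor polling its command-and-control server on a fixed timer. The log format, the sample lines, and the thresholds are constructed assumptions for the demonstration.

```python
"""Flag beacon-like connections in web proxy logs.

Added example, not code from the original article. The log format, the
sample lines and the thresholds below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one request per line:
# "<ISO timestamp> <client_ip> <method> <destination host> <status>".
# 10.0.0.5 polls cdn-static.example every ~60 s (beacon) while also browsing
# news.example at irregular times; 10.0.0.7 makes only three requests.
SAMPLE_LOG = """\
2023-05-01T09:00:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:00:12 10.0.0.5 GET news.example 200
2023-05-01T09:00:40 10.0.0.5 GET news.example 200
2023-05-01T09:01:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:02:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:03:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:03:05 10.0.0.5 GET news.example 200
2023-05-01T09:04:01 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:05:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:06:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:07:00 10.0.0.5 GET cdn-static.example 200
2023-05-01T09:15:22 10.0.0.5 GET news.example 200
2023-05-01T09:16:01 10.0.0.5 GET news.example 200
2023-05-01T09:20:00 10.0.0.7 GET mail.example 200
2023-05-01T09:21:00 10.0.0.7 GET mail.example 200
2023-05-01T09:22:00 10.0.0.7 GET mail.example 200
2023-05-01T09:47:30 10.0.0.5 GET news.example 200
"""


def parse_log(text):
    """Group request timestamps by (client, destination host)."""
    stamps = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, _status = line.split()
        stamps[(client, host)].append(datetime.fromisoformat(ts))
    return stamps


def interval_stats(timestamps):
    """Return (mean gap in seconds, coefficient of variation) or None."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mu = mean(gaps)
    if mu <= 0:
        return None
    # Low spread relative to the mean means the gaps are nearly identical.
    return mu, pstdev(gaps) / mu


def find_beacons(text, min_requests=6, max_cv=0.1):
    """Return the (client, host) pairs whose request timing looks machine-driven."""
    findings = []
    for (client, host), stamps in parse_log(text).items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stats = interval_stats(stamps)
        if stats is None:
            continue
        period, cv = stats
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "requests": len(stamps),
                "period_s": round(period, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['requests']} requests, "
              f"period {f['period_s']} s, cv {f['cv']}")
```

On the constructed sample only the `cdn-static.example` pair is reported (eight requests about 60 s apart), while the irregular browsing to `news.example` is not. Two caveats a practitioner would add before trusting this in production: legitimate software such as update checkers and telemetry agents also polls on a timer, so maintain an allowlist of known hosts, and some malware adds random jitter to its interval, so the threshold should be tuned against baseline traffic rather than set once.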