Malware attacks are usually carried out covertly. Last year, a series of intrusions into Russian federal agencies was linked to Chinese hackers who installed the so-called "Webdav-O" virus on the agencies' systems.
Cybersecurity Experts Discovered Webdav-O Virus
According to Group IB, a cybersecurity firm based in Singapore, its team identified the Webdav-O computer virus and found it to be related to a known trojan. The trojan in question is the "BlueTraveller" variant, which is believed to be controlled by a group of Chinese hackers called TaskMasters.
Anastasia Tikhonova and Dmitry Kupin, two cybersecurity experts from Group IB, noted that the Chinese hackers are known for aggressively targeting important institutions, including research institutes, state agencies, and even military systems.
Kupin and Tikhonova added that Chinese APT groups operate across the globe to obtain sensitive information from their victims.
Related reports tie into what Group IB found. Russian federal institutions were also found to have been infected by another malware dubbed "Mail-O," whose operators were observed accessing the Mail.ru cloud service used by the Russian authorities.
SentinelOne linked the "PhantomNet" malware to the malicious activity; it was later found that the threat actor known as TA428 controls it.
Why the Chinese Attackers Hacked the Systems
According to another article published by The Hacker News on Wednesday, Aug. 4, the alleged state-sponsored hackers have been actively destroying the IT systems of targeted firms.
According to Solar JSOC, the hackers aim to compromise the agencies' infrastructure in order to steal important documents and confidential details from Russian federal agencies.
What makes the scheme of these Chinese hackers dangerous is the sophistication of the techniques they use, together with tools capable of bypassing the agencies' security systems.
Webdav-O Virus' Relation to BlueTraveller
Group IB's report also found that its analysis matched what Solar JSOC discovered: the Webdav-O and BlueTraveller malware are connected, from their source code to their command-processing methods.
Another malware called "Albaniiutas," recorded in use in the latter part of 2020, has also been linked to the BlueTraveller trojan. The analysts said the Webdav-O variant that attacked Russian federal agencies was a version of BlueTraveller.
The experts suspected that one of the two groups, TaskMasters or TA428, or both, could have been involved in the 2020 attacks in Russia, and speculated that an organized Chinese group was behind these activities.
Last month, Chinese hackers were involved in the recent SolarWinds attack. Microsoft said the attackers used a zero-day to infect the firm's computer systems.
This article is owned by Tech Times
Written by Joseph Henry