Operation PZChao: Chinese Iron Tiger APT ‘back’ with data-stealing, bitcoin-mining espionage malware
February 3, 2018
Seid Yassin (557 articles)
Share

Operation PZChao: Chinese Iron Tiger APT ‘back’ with data-stealing, bitcoin-mining espionage malware

Security researchers have discovered a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group – Iron Tiger. According to researchers at Bitdefender, attacks by Operation PZChao have been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US.

The attack uses highly targeted spam messages along with a malicious VBS file attached to download additional payloads from a distribution server. As of 17 July 2017, the server hosting “down.pzchao.com” was resolved to an IP address located in South Korea, researchers said.

“The threat actors behind the attack have control over five subdomains of the “pzchao.com” domain. Suggestively named, these domains serve specific functionalities, such as upload, download and RAT related communication,” Bitdefender said in a report.

Source | ibtimes

Related articles

Indian Army Asks Personnel to Removed 89 Apps Including Facebook, Instagram & Others

Indian Army Asks Personnel to Removed 89 Apps Including Facebook, Instagram & Others

Crypto Exchange Bitrue Loses $4.5m in Cyber Raid

Crypto Exchange Bitrue Loses $4.5m in Cyber Raid

US electricity grid faces ‘imminent danger’ from cyberattacks, energy department warns

US electricity grid faces ‘imminent danger’ from cyberattacks, energy department warns