This major Chinese VPN provider has been hacked

artistic representation of a hacker
Image credit: Shutterstock (Image credit: Shutterstock)

As governments around the world continue to deal with the coronavirus pandemic, a hacking group with potential ties to South Korea has launched an espionage campaign against the Chinese government.

The DarkHotel advanced persistent threat group has compromised over 200 VPN servers in order to infiltrate a number of Chinese institutions and government agencies, according to a new report from Qihoo 360.

In one case, the hacking group exploited a previously unknown vulnerability in the enterprise VPN software Sangfor SSL and then installed malicious software onto victim's machines in order to collect user data.

The timing of the attack also coincided with new instructions from the Chinese government which urged citizens to work from home in order to help stop the coronavirus' spread.

DarkHotel hacking group

While Qihoo 360 believes that the DarkHotel hacking group was behind this latest series of attacks, other security researchers aren't so sure. In a post on Twitter, principal security researcher at Kaspersky, Brian Bartholomew argued that the Beijing-based security firm did not provide the necessary evidence to tie DarkHotel to these attacks, saying:

“I’m going to be a bit blunt here. This write up is full of speculation, no evidence this was actually DatkHotel, and a ton of confirmation bias about targeting because of Covid. Not saying they’re wrong, but in the future, there needs to be more supporting data to support claims.”

VPN services are helping to keep remote workers all over the world secure as they work from home during the coronavirus pandemic which is why we've seen an increased number of attacks targeting them. In its report, Qihoo 360 explained that VPNs are vital to Chinese businesses during this trying time, saying:

“Imagine it, with the spreads of the coronavirus pandemic, Chinese enterprises and institutions abroad have all adopted the remote working mode and employees in each unit will establish contact with the headquarters and transfer all sensitive data through the VPN. If the VPN server is compromised at this moment, the consequences will be unimaginable.”

Whether or not DarkHotel is behind this latest series of attacks still remains to be proven but hopefully other security researchers will now begin to look into the matter to see if Qihoo 360's claims are true.

  • Also check out our complete list of the best VPN services

Via CyberScoop

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.