As governments around the world continue to deal with the coronavirus pandemic, a hacking group with potential ties to South Korea has launched an espionage campaign against the Chinese government.
The DarkHotel advanced persistent threat group has compromised over 200 VPN servers in order to infiltrate a number of Chinese institutions and government agencies, according to a new report from Qihoo 360.
In one case, the hacking group exploited a previously unknown vulnerability in the enterprise VPN software Sangfor SSL and then installed malicious software onto victim's machines in order to collect user data.
- VPN usage soars across the world
- Hackers target WHO as coronavirus spreads
- Giving back during a crisis: what VPN companies are doing to help
The timing of the attack also coincided with new instructions from the Chinese government which urged citizens to work from home in order to help stop the coronavirus' spread.
DarkHotel hacking group
While Qihoo 360 believes that the DarkHotel hacking group was behind this latest series of attacks, other security researchers aren't so sure. In a post on Twitter (opens in new tab), principal security researcher at Kaspersky, Brian Bartholomew argued that the Beijing-based security firm did not provide the necessary evidence to tie DarkHotel to these attacks, saying:
“I’m going to be a bit blunt here. This write up is full of speculation, no evidence this was actually DatkHotel, and a ton of confirmation bias about targeting because of Covid. Not saying they’re wrong, but in the future, there needs to be more supporting data to support claims.”
VPN services are helping to keep remote workers all over the world secure as they work from home during the coronavirus pandemic which is why we've seen an increased number of attacks targeting them. In its report (opens in new tab), Qihoo 360 explained that VPNs are vital to Chinese businesses during this trying time, saying:
“Imagine it, with the spreads of the coronavirus pandemic, Chinese enterprises and institutions abroad have all adopted the remote working mode and employees in each unit will establish contact with the headquarters and transfer all sensitive data through the VPN. If the VPN server is compromised at this moment, the consequences will be unimaginable.”
Whether or not DarkHotel is behind this latest series of attacks still remains to be proven but hopefully other security researchers will now begin to look into the matter to see if Qihoo 360's claims are true.
- Also check out our complete list of the best VPN services
Via CyberScoop (opens in new tab)