Chinese Hackers Use New Malware to Access Hacked Networks
Introduction to Chinese APT and Their Malware Deployment
A recent report has shed light on the activities of a Chinese espionage group, tracked as UNC5221, which has been observed accessing Microsoft 365 environments using a combination of backdoors and previously undocumented malware. The group's primary goal appears to be maintaining persistent access to compromised networks.
The group's arsenal includes the Brickstorm backdoor, along with two newly identified pieces of malware named Plenet and AgentPSD. These tools enable the attackers to infiltrate and maintain a foothold within targeted systems, facilitating the exfiltration of sensitive information and the potential disruption of network operations.
Malware Components and Their Functions
The malware components used by UNC5221 can be broken down into their respective roles within the attack campaign:
- Brickstorm Backdoor: Allows for remote access to compromised systems, enabling the attackers to execute commands, upload files, and download data.
- Plenet: A previously undocumented malware whose specific functions are still under analysis; it is believed to play a role in establishing and maintaining persistence within the network.
- AgentPSD: Another newly discovered malware whose capabilities and purpose are still under investigation; like Plenet, it is thought to contribute to the group's ability to access and control compromised systems.
These tools, when used in conjunction, provide the attackers with a robust set of capabilities to achieve their objectives within the targeted environments.
Implications and Recommendations
The deployment of such sophisticated malware by a Chinese APT group underscores the evolving threat landscape and the need for organizations to strengthen their cybersecurity posture. Entities should implement robust security measures, including timely updates and patches and the use of advanced threat detection systems.
Moreover, awareness and education about these threats can significantly reduce the risk of successful attacks. Organizations should consider conducting regular security audits and training programs for their staff to recognize and respond appropriately to potential security incidents.
Frequently Asked Questions (FAQ)
Below are some key questions and answers related to the Chinese APT group and their deployment of new malware:
- Q: What is the primary goal of the UNC5221 group?
- A: The primary goal of the UNC5221 group is to access and maintain persistence within Microsoft 365 environments to facilitate espionage activities.
- Q: What malware is used by the UNC5221 group?
- A: The group uses the Brickstorm backdoor, along with newly identified malware named Plenet and AgentPSD, to achieve their objectives.
- Q: How can organizations protect themselves from such attacks?
- A: Organizations can protect themselves by implementing robust security measures, including keeping software up to date, using advanced threat detection systems, and conducting regular security audits and training programs.
