Chinese hackers are using VLC player to launch their attacks


Research published by Symantec and relayed by Bleeping Computer describes a large-scale attack campaign run by a group of Chinese hackers, believed to have started in mid-2021 and still ongoing in February this year.

This group, affiliated with the Chinese government, is called Cicada and is also tracked under other names such as menuPass, APT10 or Red Apollo. It is believed to have been active for more than fifteen years.

A massive attack for espionage

This hacking campaign is said to focus on organizations involved in legal, governmental or religious activities, although non-governmental organizations have also been targeted.

Victims have been recorded on three continents, in countries including the United States, Hong Kong, India, Italy, Canada and Japan. The group has attacked Japan before, keeping control of a victim's machine for nearly nine months.

VLC behind the attack

Although the software itself is safe, the player is made to load a side-loaded DLL that the hacker team has replaced with a malicious one. This well-known kind of attack consists of substituting a file that a piece of software needs in order to run.

When the program is launched, it loads the corrupt component instead of the original. The group's "exploit" therefore consists of replacing one very specific file with a version that stealthily executes code in the system's memory, without writing anything to disk. This lets it evade detection and even delay its execution after startup.
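The defensive counterpart to the side-loading described above is an integrity baseline of the DLLs an application ships with, so that a replaced or planted library stands out. The following is an added example, not code from the article or from Symantec; the directory layout, file names and contents are constructed for illustration, and a real baseline would be built from a clean install or vendor manifest:

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large DLLs do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(app_dir: Path) -> dict:
    """Map every DLL under app_dir (relative path, lower-cased) to its SHA-256."""
    return {
        str(p.relative_to(app_dir)).lower(): sha256_file(p)
        for p in app_dir.rglob("*.dll")
    }


def audit_dlls(app_dir: Path, baseline: dict) -> dict:
    """Compare the current install against the baseline.

    modified   - shipped DLL whose hash changed (the side-loading swap)
    unexpected - DLL present now but absent from the baseline (a planted file)
    missing    - DLL in the baseline that has disappeared
    """
    current = build_baseline(app_dir)
    return {
        "modified": sorted(n for n in current if n in baseline and current[n] != baseline[n]),
        "unexpected": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a clean install, then simulate one swapped
    DLL and one planted DLL, as in the campaign the article describes."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "player"  # hypothetical install directory
        app.mkdir()
        (app / "core.dll").write_bytes(b"legitimate core library")
        (app / "codec.dll").write_bytes(b"legitimate codec library")
        baseline = build_baseline(app)
        (app / "core.dll").write_bytes(b"replaced by attacker")  # side-loaded swap
        (app / "extra.dll").write_bytes(b"planted library")      # not in baseline
        return audit_dlls(app, baseline)
```

Run `demo()` to see the swapped library reported under `modified` and the planted one under `unexpected`; on a real host the baseline should be stored outside the application directory so an attacker with write access there cannot update it.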

The group has used this technique before: after exploiting a Microsoft Exchange server, it deployed a WinVNC server to control the machines remotely while having access to the files stored on them.

Do not panic

Although this attack targets a popular media player, the application itself has been found to be clean. There is therefore no need for the average user to rush to uninstall the program.

This time the attackers favored very specific targets. Even so, remain vigilant about the security of your network-connected devices.
