Chinese Cyber-Espionage Group Targeted NGOs for Years

A cyber-espionage group supposedly linked to the Chinese government is targeting non-governmental organizations (NGOs) in South and East Asia, Secureworks has revealed.


Referred to as BRONZE PRESIDENT, the group may have been active since at least 2014, also targeting political and law enforcement organizations and using both proprietary and publicly available tools to monitor the activity of targeted organizations, discredit their work, or steal their intellectual property.


The hackers use custom batch scripts to collect either specific file types or all files from a targeted NGO’s systems, as well as credentials from high-privilege network accounts and sensitive accounts, including social media and webmail.


Evidence suggests the group has been targeting political and law enforcement organizations in countries such as Mongolia and India. The hackers appear interested in national security, humanitarian, and law enforcement organizations in East, South, and Southeast Asia, Secureworks says.


BRONZE PRESIDENT targets NGOs that conduct research on issues relevant to China; the group’s infrastructure is linked to entities in China; a subset of the group’s operational infrastructure is linked to China-based Internet service providers; and the hackers leverage tools such as PlugX, which have historically been used by Chinese threat groups.


Although the group appears to be sponsored or at least tolerated by the Chinese government, its “systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups,” Secureworks researchers note.


On the compromised networks, the threat actor elevates privileges to admin level on all systems and installs remote access tools on most computers. The hackers are able to maintain access to the compromised networks for months or even years, the security researchers say.


BRONZE PRESIDENT ..
