Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware – PZChao operation

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on PZChao Operation:
Today I came across this story from thehackernews.com that security researchers discovered a tailor made piece of malware as the PZChao operation has caused major damage in Asia in the past few months and is able to perform nasty tasks such as password stealing, Bitcoin mining and full remote access to compromised systems for hackers.
PZChao operation
Known as the PZChao operation, attacks discovered by security researchers at Bitdefender have been targeted at organizations in the government, technology, education and telecommunications sectors in Asia and the United States.
The researchers believe that the nature, infrastructure, and payloads used in the PZChao attack, including variants of the Gh0stRAT Trojan, are reminiscent of the infamous Chinese hacker group Iron Tiger.
However, this movement has evolved into its payload to lower Trojans, conduct cyber espionage and encrypt my bitcoins bitcoin.
According to the researchers, the PZChao operation campaign attacked the goals of Asia and the United States with attacks similar to the Iron Tiger, signaling the possible return of the notorious Chinese APT team.
The organization that PZChao has been targeting has been a malicious VBS file attachment since July last year and is delivered through a highly targeted phishing email.Cyber spyware malware
If executed, the VBS script downloads additional payloads from the distribution server hosting “down.pzchao.com” to the affected Windows machines, which resolves to the IP address in Korea (125.7.152.55) upon investigation.
Threats behind an attacker At a minimum, the controller can control five malicious subdomains in the “pzchao.com” domain, each of which is used to perform specific tasks such as downloading, uploading, RAT-related operations, and malware DLL delivery.
The researchers point out that the payloads that threaten the deployment of actors are “diverse, including the ability to download and execute additional binaries, gather private information, and execute commands remotely on the system.”
The first payload on the compromised machine was a bitcoin miner disguised as a ‘java.exe’ file that mined encryption at 3 am every three weeks (when most people were not in front of their system) currency.
For password theft, the malware also deploys one of the two versions of the Mimikatz password scanning utility (depending on the operating architecture of the affected computer) to obtain the password and upload it to the command and control server.
The final payload of PZChao operation includes a slightly modified version of the Gh0st Remote Access Trojan (RAT), which is designed to be backdoor implanted and has very similar versions detected in cyber-attacks associated with the Iron Tiger APT group.
Gh0st RAT is equipped with a large number of network spy features, including:
Real-time and offline remote key record
List all active processes and open the window
Listen to the conversation through the microphone
Eavesdropping real-time video camera source
Allow remote shutdown and reboot the system
Download binary files from the Internet to a remote host
Modify and steal documents.
All of the above features allow remote attackers full control over an infected system, monitor victims and easily leak confidential data.
The researchers said that although PZChao’s tools have been used for several years, they have been tested for combat and are better suited for future attacks.
Iron Tiger, known since 2010 as “Emissary Panda” or “Threat Group-3390,” is China’s Advanced Contingency Threat (APT) group whose activities have led to the theft of large numbers of directors and managers of U.S. defense contractors.
Similar to the PZChao campaign, the group also attacked entities in China, the Philippines and Tibet and attacked the U.S. targets.
Read more…
Security researchers have discovered a custom-built piece of malware that’s wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao, the attack campaign discovered by the security researchers at Bitdefender have been targeting Engaging post, Read More…
thumbnail courtesy of thehackernews.com

(adsbygoogle = window.adsbygoogle || []).push({});

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post

The post Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware – PZChao operation appeared first on Safe Harbor on Cyber.