"Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies"

A recent Earth Preta campaign reveals that China-aligned nation-state groups are becoming increasingly skilled at circumventing security systems. Since at least 2012, the broader cybersecurity community has tracked the threat actor under the names Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. The group's attack chains begin with spear-phishing emails that deploy various tools for backdoor access, command-and-control (C2), and data exfiltration. These messages carry malicious lure archives, delivered via Dropbox or Google Drive links, that use DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to gain a foothold and drop the TONEINS, TONESHELL, PUBLOAD, and MQsTTang backdoors. Similar infection chains using Google Drive links to distribute Cobalt Strike have been spotted as early as April 2021. This article continues to discuss new findings regarding the Earth Preta campaign.

THN reports "Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies"
