"Chinese-Language Threat Group Targeted a Dozen South Korean Institutions"
A Chinese-language threat group targeted South Korean research and academic institutions with data exfiltration attacks in January. Researchers from Recorded Future's Insikt Group suspect that the threat actors affiliated with the group have launched a series of new attacks against organizations in Japan and Taiwan. The group is known as Xiaoqiying, Genesis Day, or Teng Snake, according to Di Wu, senior threat intelligence analyst at Insikt Group. The attacks against South Korean institutions began on January 25, impacting the Korean Research Institute for Construction Policy, the Korean Archaeological Society, the Woorimal Academic Society, and the Korean Academy of Basic Medicine and Health Sciences. Wu stated that the analysis of the group's Telegram channels, postings on special-access forums, and presence on a clearnet website led to the conclusion that this is a hacktivist group motivated primarily by patriotism toward China, and that it will likely conduct similar cyberattacks against Western and NATO targets, as well as any country or region considered hostile to China. The group operated two Telegram channels, one for posting announcements and the other for communicating with other hackers and followers. Both were shut down in February when media outlets began reporting on the cyberattacks targeting South Korea. Prior to disbanding, the group recruited new members via Telegram. Xiaoqiying claimed to have stolen 54 GB of data from various organizations. This article continues to discuss the Xiaoqiying threat group targeting a dozen South Korean research and academic institutions with data exfiltration attacks.
The Record reports "Chinese-Language Threat Group Targeted a Dozen South Korean Institutions"