Such activities have been part of an intelligence gathering operation that has been in motion since 2021.
Chinese state-backed hackers have targeted computer systems used by “Heads of government”, Prime Minister’s Office, government institutions linked to finance, aerospace, defence companies, telecom companies, IT organizations and media companies in multiple countries in an intelligence gathering operation that has been in motion since 2021.
This has been unearthed by researchers of Broadcom Inc, a Delaware-based corporation headquartered in San Jose, California, United States. The report by Broadcom has stated that the target of this cyber espionage were “Asian governments” and does not specify which country/countries of the 48 Asian countries were targeted by these Chinese state supported hackers.
Researchers from Broadcom’s Software’s Symantec threat hunter team told The Sunday Guardian, that the company does not “disclose victim identities”. According to the research, the hackers installed Shadow-pad malware into the systems of its intended victims. The said malware was able to execute keylogging, take screenshots, download files and steal clipboard data.
While the report does not name the Chinese entities as being responsible for these attacks, Shadow-pad trojan malware is something that has been used by the Chinese government-sponsored Bronze Atlas group since at least 2017. Researchers in the past have found irrefutable evidence to link these cyber thieves to the Chinese Ministry of State Security (MSS) (Chinese intelligence agency) and the People’s Liberation Army (PLA).
“The malware was likely developed by threat actors affiliated with Bronze Atlas and then shared with MSS and PLA threat groups around 2019,” a Delhi-based cyber researcher told The Sunday Guardian. According to Broadcom, the current campaign appears to be almost exclusively focused on government or public entities. According to experts, the trojan programs were most likely installed on each compromised computer the attackers wanted to run malware on. In some cases, it was likely installed on multiple computers on the same victim network. These malwares were mostly embedded in software, including security software, graphics software and browsers.
Bronze Atlas, which also goes by the name of APT41, Barium, Double Dragon, Wicked Panda, or Winnti, has been termed as a prolific APT, an Advanced Persistent threat (APT) actor, a broad term used to describe an attack campaign in which the intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive information.