
Thursday, November 14, 2024


French Government Investigates Suspected Chinese Espionage

Cybercrime, Fraud Management & Cybercrime

National Police Probe Botnet Campaign That Infected 3,000 Machines

French police point to downtown Lyon, France in January 2022. (Image: Shutterstock)

The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France.


The Paris Public Prosecutor’s Office on Thursday said it launched a preliminary investigation into a “network of machine zombies,” or botnets, used for suspected espionage purposes. French cybersecurity firm Sekoia uncovered the hacking campaign in 2023.

The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020. The digital unit of the French National Police is leading efforts to restore the affected devices.

“The disinfection operation was launched on July 18, and will continue for several months,” the Paris Public Prosecutor’s Office said. “A few hours after the start of the process, around a hundred victims have already benefited from this disinfection, mainly in France.”

French authorities also restored devices in Malta, Portugal, Croatia, Slovakia and Austria. “French victims will be individually notified by the National Information Systems Security,” the Prosecutor’s Office said.

PlugX, also known as Destroy RAT and Kaba, has been active since 2008. The malware offers backdoor capabilities, allowing attackers to gain full control of infected devices remotely. The variant has typically been associated with Chinese advanced persistent threat groups tracked as Violet Typhoon, Mustang Panda and Wicked Panda.

An analysis by Sekoia said the campaign used a previously unseen worm variant of PlugX that it attributed to Chinese APT group Mustang Panda. The campaign, which began in 2020, has been spread using infected flash drives, the company said.

When a victim opened the malicious file on the USB drive, PlugX copied itself to the host, established persistence and then checked every 30 seconds for new connections to infect.

Sekoia estimates the campaign has targeted millions of devices in over 170 countries so far, leading the company to believe the likely motive of the botnet operators is to infect as many victims as possible in multiple countries, as well as to target offline devices.

A Sekoia spokesperson said the company has taken control of the command-and-control server of the botnet campaign. “We developed the disinfection tool that was offered to the police force. It is then the role of each authority to decide and manage the disinfection campaign in their respective country,” the spokesperson told Information Security Media Group.



