The malware has been used in cyberattacks since 2009

Jun 25, 2013 14:36 GMT

IT security firm Seculert has published the first part of a report on a Chinese-speaking cybercriminal group that has targeted several organizations and nation-states from all over the world.

Evidence collected by Seculert suggests that the malware used by the attackers as the main download component, dubbed PinkStats, has been utilized in various cyberattacks since 2009.

Most recently, the malware has been spotted targeting dozens of organizations from South Korea. Experts believe that this particular campaign, which resulted in the infection of over 1,000 machines, is one of the largest operations that used the PinkStats malware.

In the attacks against South Korean organizations, PinkStats downloaded two additional pieces of malware on the infected devices.

The first is a Chinese attack tool called “zxarps,” which allows the attackers to inject iframes into active web sessions. The second component downloaded by PinkStats is a distributed denial-of-service (DDoS) tool disguised as a piece of software from a South Korean antivirus company, AhnLab.

It’s worth noting that the DDoS tool hasn’t received any specific instructions from the attackers. However, experts believe this might change soon, considering that South Korea’s cyber infrastructure has recently been targeted by such attacks.

“This is not the first time we have seen Chinese attackers target entities from other Asian countries,” Aviv Raff, CTO of Seculert, noted.

“However, while it was speculated that the Chinese are behind the recent DDoS attack against South Korea’s critical infrastructure, PinkStats seems to be the first real proof that Chinese-speaking adversaries are indeed targeting South Koreans,” he explained.

For additional technical details on the PinkStats malware and the operations it has been used in, check out Seculert’s blog.