.webp "Chinese Hackers Exploit IPv6 Network Features to Hack Software Updates")
ESET discovered both SpellBinder and WizardNet, tools used by Chinese hackers. A China-based APT group, “The Wizards,” has been linked to a lateral movement tool, Spellbinder, which allows adversary-in-the-middle (AitM) attacks. It does so via IPv6 stateless address autoconfiguration (SLAAC) spoofing, to roam laterally in the compromised network, blocking packets and redirecting the traffic of legal Chinese software to download malicious updates from a server controlled by threat actors, ESET researchers said to The Hacker News.
About malware WizardNet
The attack creates a path for a malicious downloader which is delivered by hacking the software update mechanism linked with Sogou Pinyin. Later, the downloader imitates a conduit to deploy a modular backdoor called WizardNet.
In the past, Chinese hackers have abused Sogou Pinyin’s software update process to instal
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.