Myanmar President’s Office Hacked for the Second Time

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

A cyber-espionage hacking gang is suspected of breaking into the Myanmar president’s office website and injecting a backdoor trojan into a customized Myanmar font package accessible for download on the home page. ESET, a Slovak security firm, discovered the attack on Wednesday, June 02, 2021. 
The software employed in the attack resembles malware strains used in previous spear-phishing efforts aimed at Myanmar targets by a Chinese state-sponsored hacker outfit known as Mustang Panda, RedEcho, or Bronze President, according to researchers. 
Mustang Panda is mostly focused on non-governmental organizations (NGOs). It employs Mongolian language decoys and themes, as well as shared malware such as Poison Ivy and PlugX, to attack its targets. Their attack chain looks something like this: 
• A malicious link is disguised using the goo.gl link shortening tool and sent to a Google Drive folder.
• When you click on the Google Drive link, you’ll be taken to a zip file that contains a .lnk file disguised as a .pdf file.
• The user is redirected to a Windows Scripting Component (.wsc) file when they open the file. This file can be found on a malicious microblogging website.
• A VBScript and a PowerShell script from the Twitter page are included in the .lnk file to get the fake PDF file.
• A Cobalt Strike (https://know.n

[…]