China-Based Hackers Target Asian Governments and Defense Industries
Government and Defense Sector Targets Hit by Advanced Cyberattacks
In a sophisticated cyberespionage campaign, Chinese-backed hackers have successfully breached government and defense sector networks in several countries across Asia, including India, Thailand, Malaysia, Myanmar, Sri Lanka, Taiwan, and Pakistan.
A NATO member in Europe, specifically Poland, has also been targeted.
Tactics and Techniques Used by Attackers
- The attackers exploited known vulnerabilities in internet-facing Microsoft Exchange Server and Internet Information Services (IIS) systems to gain initial access.
- They then deployed web shells, such as “Godzilla,” for persistent remote access and installed the ShadowPad malware using dynamic-link library (DLL) side-loading: a malicious DLL is placed next to a legitimate, signed executable that loads it by name, so the malware runs inside a trusted process.
- Because the host process carries a valid signature, the technique helps the malware evade signature-based detection and application allow-listing.
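As an added example (not code from the original report or from any vendor), the following Python script shows two detection checks a defender would write for the behaviours listed above: an IIS worker process spawning a command interpreter (how web shell commands appear in process telemetry) and a signed executable loading an unsigned DLL from its own directory outside the Windows system folders (the classic side-loading layout). The log format, field names, file paths and sample events are constructed for this illustration and are assumptions, not real telemetry.

```python
"""Detection heuristics for web shell command execution and DLL side-loading.

Added example, not from the original report. Events are Sysmon-style
(ID 1 = process creation, ID 7 = image load) in a constructed key=value
format; the paths and vendor names below are illustrative assumptions.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Processes that host IIS/Exchange application code. A web shell runs inside
# one of these, so the commands it executes appear as their child processes.
WEB_SERVER_PROCESSES = {"w3wp.exe"}

# Interpreters and LOLBins a web shell typically spawns to run operator commands.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe",
                       "certutil.exe", "rundll32.exe"}

# Directories from which Windows normally loads system DLLs. An unsigned DLL
# loaded by a signed binary from anywhere else is a side-loading candidate.
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\",
                    "c:\\windows\\syswow64\\",
                    "c:\\windows\\winsxs\\")


@dataclass
class Event:
    event_id: int                 # 1 = process creation, 7 = image (DLL) load
    image: str                    # full path of the process image
    parent_image: str = ""        # event 1 only
    loaded_image: str = ""        # event 7 only
    signed: bool = False          # process image has a verified signature
    loaded_signed: bool = False   # loaded DLL has a verified signature


def parse_event(line: str) -> Event:
    """Parse one 'key=value|key=value' line (constructed format for this example)."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return Event(
        event_id=int(fields["id"]),
        image=fields["image"],
        parent_image=fields.get("parent", ""),
        loaded_image=fields.get("loaded", ""),
        signed=fields.get("signed") == "true",
        loaded_signed=fields.get("loaded_signed") == "true",
    )


def is_web_shell_child(ev: Event) -> bool:
    """IIS worker process (w3wp.exe) spawning a command interpreter."""
    if ev.event_id != 1:
        return False
    parent = PureWindowsPath(ev.parent_image).name.lower()
    child = PureWindowsPath(ev.image).name.lower()
    return parent in WEB_SERVER_PROCESSES and child in SUSPICIOUS_CHILDREN


def is_dll_sideload(ev: Event) -> bool:
    """Signed executable loading an unsigned DLL from its own directory,
    outside the Windows system directories."""
    if ev.event_id != 7 or not ev.signed or ev.loaded_signed:
        return False
    if ev.loaded_image.lower().startswith(TRUSTED_DLL_DIRS):
        return False
    exe_dir = PureWindowsPath(ev.image).parent
    return PureWindowsPath(ev.loaded_image).parent == exe_dir  # case-insensitive


def scan(lines):
    """Return (rule, offending image) pairs for every matching event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if is_web_shell_child(ev):
            findings.append(("web_shell_child", ev.image))
        elif is_dll_sideload(ev):
            findings.append(("dll_sideload", ev.loaded_image))
    return findings


# Constructed sample telemetry: one web shell hit, one benign child process,
# one side-load of a DLL with a system DLL's name, one benign system load.
SAMPLE_LOG = [
    "id=1|image=C:\\Windows\\System32\\cmd.exe|parent=C:\\Windows\\System32\\inetsrv\\w3wp.exe|signed=true",
    "id=1|image=C:\\Windows\\System32\\conhost.exe|parent=C:\\Windows\\System32\\cmd.exe|signed=true",
    "id=7|image=C:\\ProgramData\\Vendor\\updater.exe|loaded=C:\\ProgramData\\Vendor\\version.dll|signed=true|loaded_signed=false",
    "id=7|image=C:\\Windows\\System32\\svchost.exe|loaded=C:\\Windows\\System32\\version.dll|signed=true|loaded_signed=true",
]

if __name__ == "__main__":
    for rule, image in scan(SAMPLE_LOG):
        print(f"{rule}: {image}")
```

Both checks are heuristics rather than signatures: the first will also fire on legitimate administrative scripts run from an application pool, and the second on poorly packaged but benign software, so in practice they feed triage rather than block automatically. The side-loading check deliberately does not look at the DLL's name, because the page describes the technique generically and the loaded library can be any DLL the signed host resolves from its own directory.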
According to research, the attacks are attributed to a threat cluster known as “SHADOW-EARTH-053,” which has been active since at least December 2024.
The campaign chains known, already-patchable vulnerabilities for initial access with web shells and modular malware for persistence; the sophistication lies in the post-exploitation tooling, while the entry point itself could have been closed by timely patching.
Additional Threats from Chinese-Linked Groups
- Researchers have identified phishing campaigns conducted by two other Chinese-linked groups, GLITTER CARP and SEQUIN CARP, targeting journalists and civil society groups.
- These campaigns, launched in April and June 2025, impersonate journalists, organizations, and technology firms in phishing emails aimed at stealing credentials or gaining access to accounts.
Organizations are advised to prioritize patching of internet-facing Microsoft Exchange Server and IIS systems, and to deploy intrusion prevention systems to block exploitation attempts against the known vulnerabilities used for initial access.
