
Chinese Hacking Group's Toolkit and Activity History Uncovered

Oct. 29, 2024, 1:27 p.m.

Description

The Chinese hacking group known as 'You Dun' was exposed through an open directory left accessible on one of its servers, which revealed its attack infrastructure end to end. The group ran reconnaissance and vulnerability scanning with tools such as WebLogicScan, Vulmap, Xray and dirsearch, and gained initial access by SQL injection against Zhiyuan OA installations; South Korean pharmaceutical organizations were among the targets. Post-compromise, it used privilege escalation tooling and operated command-and-control infrastructure built on Cobalt Strike and the Viper framework. It also produced a custom ransomware variant based on LockBit 3.0. The group's activity spanned several Asian countries and concentrated on the government, education, health and logistics sectors, with proxy servers used to hide the operators' true location. The IP addresses listed under Indicators below are the group's infrastructure as recorded on this page and should be matched exactly (as whole addresses, not substrings) against web, firewall and proxy logs.

Date

Published: Oct. 28, 2024, 3:48 p.m.

Created: Oct. 28, 2024, 3:48 p.m.

Modified: Oct. 29, 2024, 1:27 p.m.

Indicators

43.228.89.247

43.228.89.246

43.228.89.245

163.53.216.157

116.212.120.32

115.126.107.244

103.228.108.247
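As an added example, not part of the original report or of any tool the group used, the following Python script loads the indicator list above, validates each entry as an IP address (skipping blanks and non-addresses, and un-defanging `[.]` notation), and scans log lines for exact matches. The log lines are constructed here to show the two cases a practitioner cares about: a true hit on a listed address and a near miss (`143.228.89.247`) that a naive substring search would wrongly flag.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Indicator IPs copied from the "Indicators" section of this page.
IOC_RAW = """
43.228.89.247
43.228.89.246
43.228.89.245
163.53.216.157
116.212.120.32
115.126.107.244
103.228.108.247
"""


def load_iocs(text: str) -> Set[ipaddress._BaseAddress]:
    """Turn a pasted indicator list into a set of validated IP addresses.

    Blank lines and tokens that are not addresses are dropped so that a stray
    comment or hostname in the feed cannot produce false matches later.
    """
    iocs = set()
    for line in text.splitlines():
        token = line.strip().strip(",;")
        if not token:
            continue
        token = token.replace("[.]", ".")  # common CTI defanging style
        try:
            iocs.add(ipaddress.ip_address(token))
        except ValueError:
            continue
    return iocs


# Dotted-quad candidates; the \b anchors stop "43.228.89.247" from being
# found inside "143.228.89.247".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_log(lines: List[str], iocs: Set[ipaddress._BaseAddress]) -> List[Dict]:
    """Return one hit per log line that contains a listed indicator.

    Every candidate is re-parsed with ipaddress so that malformed quads such as
    999.1.1.1 are ignored instead of compared as strings.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        for candidate in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if addr in iocs:
                hits.append({"line": lineno, "ip": str(addr), "text": line.strip()})
                break  # one hit per line is enough for triage
    return hits


# Constructed sample log lines (nginx-style access log and a firewall-style
# egress record); they are illustrative, not captured from the incident.
SAMPLE_LOG = [
    '43.228.89.247 - - [28/Oct/2024:10:01:12 +0000] "GET /login HTTP/1.1" 200 512',
    '10.0.0.5 - - [28/Oct/2024:10:01:13 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '143.228.89.247 - - [28/Oct/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 80',
    "2024-10-28T10:05:00Z fw01 ALLOW TCP 10.0.0.7:51234 -> 163.53.216.157:443",
]


def run_sample() -> List[Dict]:
    """Scan the constructed sample log against the page's indicators."""
    return scan_log(SAMPLE_LOG, load_iocs(IOC_RAW))


if __name__ == "__main__":
    for hit in run_sample():
        print(f"line {hit['line']}: {hit['ip']} <- {hit['text']}")
```

The egress line matters as much as the inbound one: the page lists the addresses without roles, so a hit on a destination address (possible C2 or proxy traffic from an internal host) deserves the same escalation as a hit on a source address scanning the web tier.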

Attack Patterns

Xray

WebLogicScan

Vulmap

You Dun

T1588.002 (Obtain Capabilities: Tool)

T1021 (Remote Services)

T1573 (Encrypted Channel)

T1486 (Data Encrypted for Impact)

T1082 (System Information Discovery)

T1105 (Ingress Tool Transfer)

T1083 (File and Directory Discovery)

T1595 (Active Scanning)

T1102 (Web Service)

T1190 (Exploit Public-Facing Application)

T1090 (Proxy)

T1078 (Valid Accounts)

T1068 (Exploitation for Privilege Escalation)

CVE-2021-25003

Additional Information

Healthcare

Transportation

Education

Government

Iran, Islamic Republic of

Taiwan

China

Thailand