Chinese Hackers' Toolkit and Activity History Uncovered
Oct. 29, 2024, 1:27 p.m.
Description
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical organizations. They employed advanced privilege escalation tools and operated a C2 infrastructure using Cobalt Strike and Viper framework. The hackers also created a custom ransomware variant based on LockBit 3.0. Their activities extended across multiple Asian countries, focusing on government, education, health, and logistics sectors. The group used proxy servers to conceal their location and employed various hacking tools, including WebLogicScan, Vulmap, Xray, and dirsearch.
Date
Published: Oct. 28, 2024, 3:48 p.m.
Created: Oct. 28, 2024, 3:48 p.m.
Modified: Oct. 29, 2024, 1:27 p.m.
Indicators
Attack Patterns
Xray
WebLogicApp
Vulmap
You Dun
T1588.002
T1021
T1573
T1486
T1082
T1105
T1083
T1595
T1102
T1190
T1090
T1078
T1068
CVE-2021-25003
Additional Information
Healthcare
Transportation
Education
Government
Iran, Islamic Republic of
Taiwan
China
Thailand