{"id":4135,"date":"2024-06-21T07:00:00","date_gmt":"2024-06-21T12:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80778"},"modified":"2024-06-21T07:00:00","modified_gmt":"2024-06-21T12:00:00","slug":"chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/21\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find\/","title":{"rendered":"Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find | CyberScoop<\/title> <meta name=\"description\" content=\"The activity highlights a rapidly evolving, aggressive cyberespionage operation that played out across Africa, Europe, the Middle East and Asia, a Talos report says.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find\"> <meta property=\"og:description\" content=\"The activity highlights a rapidly evolving, aggressive cyberespionage operation that played out across Africa, Europe, the Middle East and Asia, a Talos report says.\"> <meta property=\"og:url\" 
content=\"https:\/\/cyberscoop.com\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-06-21T12:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-06-20T20:58:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1717605114g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1718292839g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1716385020g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" 
href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80778\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.4\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80778\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80778 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find\/#main\" class=\"skip-to-content-link 
visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.116504854369\">\n<div class=\"single-article__header-content\" readability=\"34.52508361204\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> The activity highlights a rapidly evolving, aggressive cyberespionage operation that played out across Africa, Europe, the Middle East and Asia, a Talos report says. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=506,337 506w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Hacker with covered face in his operating room with multiple displays. (Sutthichai Supapornpasupad\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.142810457516\"><body readability=\"66.725158562368\"><\/p>\n<p>An aggressive and prolific Chinese-speaking cyberespionage group has targeted the ministries of foreign affairs and embassies of at least nine countries across Africa, the Middle East, Europe and Asia, researchers with Cisco Talos said Friday, highlighting how hackers perhaps aligned with Beijing continue to evolve their operations to gather information about a variety of geopolitical hotspots.&nbsp;<\/p>\n<p>Using scanned government documents that, at times, were not available on the internet as lures, the hacking group dubbed \u201cSneakyChef\u201d appeared to be targeting government agencies in Angola, Turkmenistan, Kazakhstan, India, Saudi Arabia, South Korea, Uzbekistan, the U.S. and Latvia, according to <a href=\"https:\/\/blog.talosintelligence.com\/sneakychef-sugarghost-rat\/\">findings shared exclusively with CyberScoop<\/a> from Talos researchers Chetan Raghuprasad and Ashley Shen and members of the Yahoo Paranoids Advanced Cyber Threats Team.<\/p>\n<p>SneakyChef uses the SugarGh0st remote access tool, first <a href=\"https:\/\/blog.talosintelligence.com\/new-sugargh0st-rat\/\">made public by Talos in November<\/a>. 
The tool is a customized version of <a href=\"https:\/\/attack.mitre.org\/software\/S0032\/\">Gh0st RAT<\/a>, a <a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/win.ghost_rat\">well-documented<\/a> remote access and data exfiltration tool used for years by various groups but first seen in <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-spookier-gh0st-rat-uzbekistan-south-korea\">Chinese-aligned operations in March 2008<\/a>.<\/p>\n<p>Friday\u2019s report from Talos also includes <a href=\"https:\/\/blog.talosintelligence.com\/new-spicerat-sneakychef\/\">a separate analysis of a new remote access trojan<\/a>, dubbed SpiceRAT, delivered to SneakyChef targets via the same email address used in the SugarGh0st campaign.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Taken together, the findings highlight an \u201caggressive\u201d and prolific hacking effort pushing the development of cyberespionage malware against targets in key geopolitical hotspots, said Vitor Ventura, lead security researcher at Talos.&nbsp;<\/p>\n<p>\u201cIn a relatively short amount of time there was a huge amount of activity by this actor, to the point that they developed another malware,\u201d Ventura told CyberScoop. \u201cThey are evolving really fast, and they are extremely aggressive.\u201d<\/p>\n<p>The group is so far being tracked as a distinct campaign or unit, Ventura said, and there is not yet sufficient evidence to tie it to any particular government agency or known contractor. 
A <a href=\"https:\/\/unit42.paloaltonetworks.com\/operation-diplomatic-specter\/\">May report from Palo Alto Networks Unit 42<\/a> classified some related activity as the work of a Chinese advanced persistent threat group (APT), denoting a typically state-sponsored group operating at a high level.<\/p>\n<p>In May, <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american\">researchers with Proofpoint identified SugarGh0st<\/a> being used in campaigns targeting organizations in the U.S. involved in artificial intelligence efforts, including academia, private industry and government service.<\/p>\n<p>In one example highlighted by Talos, the hackers used various non-public Indian documents to target the Indian Ministry of Foreign Affairs. In one case, a decoy Microsoft Word document contained lures related to India-U.S. relations, including a list of events related to India\u2019s prime minister and President Joe Biden, referencing interactions between the two up through September 2023.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2285067873303\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a 
href=\"https:\/\/cyberscoop.com\/chinese-aligned-hacking-group-targeted-more-than-a-dozen-government-agencies-researchers-find\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,724,302,2232,2233],"tags":[277,727,306,2234,2235],"class_list":["post-4135","post","type-post","status-publish","format-standard","hentry","category-china","category-cisco-talos","category-geopolitics","category-gh0st-rat","category-yahoo-paranoids","tag-china","tag-cisco-talos","tag-geopolitics","tag-gh0st-rat","tag-yahoo-paranoids"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco-talos\/\" rel=\"category tag\">Cisco Talos<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gh0st-rat\/\" rel=\"category tag\">Gh0st Rat<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/yahoo-paranoids\/\" rel=\"category tag\">Yahoo Paranoids<\/a>","tag_info":"Yahoo 
Paranoids","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4135"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4135\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}