- Google warns of ongoing captive portal hijacking attacks
- Captive portals were abused to redirect people to fake Adobe update pages
- The “updates” installed several pieces of malware, including a backdoor
Google has issued a warning about a Chinese state-sponsored hacking campaign targeting diplomats.
The company’s cybersecurity arm, Google Threat Intelligence Group (GTIG), published a new blog post outlining how it found “evidence that a captive portal hijack was used to deliver malware disguised as an Adobe plugin update to targeted devices.”
The campaign is attributed to a group tracked as UNC6384, a Chinese state-sponsored actor that Google assesses is likely associated with Mustang Panda (TEMP.Hex), a group known for cyber-espionage campaigns against government, critical infrastructure and telco organizations in the West. According to Google, the campaign targeted diplomats in Southeast Asia as well as other entities around the world.
Fake security updates
A captive portal is essentially a login page. It usually shows up on public networks, such as at airports or in coffee shops, right after you join the network but before you get access to the public internet. Sometimes it asks users to register an account, and sometimes it is enough to view an ad and click “Connect” to get online. Operating systems and browsers detect a portal by requesting a fixed probe URL and checking whether the answer is the expected response or a redirect to the portal’s login page.
Google says the attackers compromised edge devices on the targeted networks (routers, firewalls, VPN gateways and the like) and then used that foothold to hijack the captive portal redirect, sending visitors to a malicious landing page instead of the real login page.
Visitors are then prompted to download a “security update” for Adobe software, which is actually malware. The initial payload, an MSI package, installs second-stage malware including CANONSTAGER and SOGU.SEC. The latter is a backdoor that connects to an attacker-controlled C2 server and gives the operators ongoing access to the compromised computer. The practical tell is the delivery channel itself: no legitimate vendor update is pushed through a Wi-Fi login page, so any captive portal that asks you to install something should be treated as hostile.
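To make the hijack concrete, here is an added example (not code from Google’s report or from the attackers) that classifies the responses a captive-portal probe can get back. A clean network answers the probe with 204 and no body; a real portal answers with a redirect to its login host; a hijacked portal redirects to an unexpected host or serves a page that pushes an installer. The probe URL is Chrome’s real connectivity check, but the portal host, the page contents and the HTTP responses below are constructed samples for illustration, and the allowlist of expected portal hosts is an assumption a defender would fill in for their own network.

```python
"""Offline classifier for captive-portal probe responses (example code).

Clients fetch a fixed probe URL after joining a network. The shape of the
answer tells you whether there is a portal in the path, and whether that
portal behaves like a login page or like a malware dropper. All responses
below are constructed samples, not captured traffic.
"""
import re
from typing import Dict, Tuple
from urllib.parse import urljoin, urlparse

# Real Chrome/Android connectivity probe URL.
PROBE_URL = "http://connectivitycheck.gstatic.com/generate_204"

# Assumption for the example: hosts the network's genuine portal is known to use.
EXPECTED_PORTAL_HOSTS = {"portal.example-airport.net"}

EXECUTABLE_SUFFIXES = (".msi", ".exe", ".dll", ".ps1", ".bat", ".scr", ".hta")


def parse_http_response(raw: bytes) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.x response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", errors="replace")


def _points_to_executable(url: str) -> bool:
    """True when the URL path ends in a suffix a browser would hand to msiexec or the shell."""
    return urlparse(url).path.lower().endswith(EXECUTABLE_SUFFIXES)


def classify_probe_response(raw: bytes, expected_hosts=EXPECTED_PORTAL_HOSTS) -> Tuple[str, str]:
    """Return (verdict, reason) for what came back from the probe request."""
    status, headers, body = parse_http_response(raw)

    if status == 204 and not body:
        return "online", "probe answered 204 with empty body; no portal in the path"

    if 300 <= status < 400 and "location" in headers:
        target = urljoin(PROBE_URL, headers["location"])
        host = urlparse(target).hostname or ""
        if _points_to_executable(target):
            return "malware_delivery", f"probe redirected straight to an installer: {target}"
        if host in expected_hosts:
            return "captive_portal", f"redirect to known portal host {host}"
        return "suspicious_redirect", f"redirect to unexpected host {host}"

    if status == 200:
        # A probe answered with a file download, or with a page whose links are
        # installers, is the pattern of a hijacked portal, not a login page.
        disposition = headers.get("content-disposition", "").lower()
        if "attachment" in disposition and disposition.endswith(EXECUTABLE_SUFFIXES):
            return "malware_delivery", "probe answered with a file download instead of a page"
        links = re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I)
        bad = [link for link in links if _points_to_executable(urljoin(PROBE_URL, link))]
        if bad:
            return "malware_delivery", "landing page links to installer(s): " + ", ".join(bad)
        return "captive_portal", "probe intercepted with an HTML page; verify its origin"

    return "unknown", f"unexpected status {status}"


# Constructed sample responses (not real captures).
SAMPLES = {
    "healthy": b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n",
    "real_portal": (b"HTTP/1.1 302 Found\r\n"
                    b"Location: https://portal.example-airport.net/login?next=%2F\r\n\r\n"),
    "hijacked_portal": (b"HTTP/1.1 302 Found\r\n"
                        b"Location: https://adobe-plugin-update.example/index.html\r\n\r\n"),
    "fake_update_page": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                         b"<html><body><h1>Security update required</h1>"
                         b"<a href=\"/AdobePlugin.msi\">Install Adobe plugin update</a>"
                         b"</body></html>"),
}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, reason = classify_probe_response(raw)
        print(f"{name:18} -> {verdict:20} {reason}")
```

The classifier only looks at the probe exchange, which is what the hijack manipulates; it says nothing about whether a given MSI is malicious. That is deliberate: the point of the check is that an installer offered at the captive-portal step is out of place regardless of what it contains, so it can be refused before any signature or sandbox analysis is needed.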
Google first observed this activity in March this year and has since sent warnings to affected Gmail and Workspace users.
Each time China is accused of taking part in cyber operations against its opponents in the West, it denies any involvement and repeats its position that the United States is the biggest cyber-bully today.