Chinese government agencies breached using VPN zero-day

DarkHotel hackers

We have seen all kinds of hacks in recent days, some related to the Coronavirus and some unrelated to the pandemic. It is fair to say that hacking cases have increased significantly, and we fear those numbers will keep rising since everyone is working from home and not being as secure as they could be. Now a new hacking report has emerged, and this one will please many, as Chinese government agencies have been subject to a hack.

We say this report will be dear to people because Chinese hackers and the Chinese government have ordered hacks many times in different countries and companies. So this is payback time for them, and international hackers are now up to the task. It is known that this hack was conducted by DarkHotel hackers on government agencies in Beijing and Shanghai, as well as other Chinese diplomatic missions abroad.

Chinese security firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability. According to the firm, it was present in Sangfor SSL VPN servers, which are used to provide remote access to enterprise and government networks. This is similar to what companies such as Parsec, TeamViewer and others do for everyone outside of China.

Qihoo also stated that “more than 200 VPN servers have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad.”

In a further report, Qihoo researchers revealed that the “entire attack chain was sophisticated and very clever. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a boobytrapped version”.