Chinese Cyber-Espionage Group Hacked Government Data Center (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A Chinese-linked cyber-espionage unit has hacked a data center belonging to a Central Asian country and has embedded malicious code on government sites. The hack of the data center happened sometime in mid-November 2017, according to a report published by Kaspersky Lab earlier this week. Experts assigned the codename of LuckyMouse to the group behind this hack, but they later realized the attackers were an older Chinese threat actor known under various names in the reports of other cyber-security firms, such as Emissary Panda, APT27, Threat Group 3390, Bronze Union, ZipToken, and Iron Tiger.
If msmash had actually RTFA, she might have noticed (emphasis added):
Another detail that also stood out was that LuckyMouse appears to have hacked a MikroTik router to host the command and control server of the HyperBro RAT. Attackers would use this router to control and retrieve data from infected victims, putting an additional layer of anonymity between them, victims, and forensic investigators.
This is not the first time that nation-state hackers have used routers as part of their attack infrastructure, this being a very popular trend recently (let's not forget VPNFilter), but it is the first time they hosted a C&C server on one.
Have a great weekend!
--Z.
There is no Planet B.