Chinese hackers reportedly use new Windows malware to backdoor govt. defense organizations

Kaspersky has recently linked an attack campaign to a Chinese APT group tracked as TA428. The series of attacks, detected in January, used new Windows malware to backdoor government entities and defense industry organizations in Eastern European countries.

TA428 is widely known for its focus on information theft and espionage, attacking organizations in Asia and Eastern Europe.

The threat actors have compromised the networks of dozens of targets. In some cases, they even took control of their entire IT infrastructure. They did so by hijacking systems used to manage security solutions. 

Kaspersky ICS CERT researchers stated that the attacks targeted industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several Eastern European countries, in this context Belarus, Russia and Ukraine.

The researchers also concluded from their analysis that cyberespionage was the goal of this series of attacks.

To achieve this goal, the Chinese cyberspies sent spear phishing emails containing confidential information about the targeted organizations, together with malicious code exploiting the CVE-2017-11882 Microsoft Office vulnerability. The exploit was used to deploy the PortDoor malware.

PortDoor was also used in coordinated spear phishing attacks by Chinese-backed hackers in April 2021. In the later stages of the attacks, the group installed additional malware previously linked to TA428 as well as a new malware strain named CotSam.
