Suspected China-linked hackers target Guyana government with new backdoor

Jason Macuray
A cyber espionage campaign has been targeting government agencies in Guyana with a previously undocumented backdoor used to harvest sensitive information, according to new research.

A cyber espionage campaign has been targeting government agencies in Guyana with a previously undocumented backdoor used to harvest sensitive information, according to new research.

Researchers at the Slovakia-based cybersecurity firm ESET named the backdoor DinodasRAT after the hobbit Dinodas in the Lord of the Rings. Alongside DinodasRAT, the hackers used a version of the Korplug backdoor, a tool commonly associated with China-aligned groups like Mustang Panda.

ESET identified the malicious activity within Guyana’s networks in February 2023, when its diplomatic relations with China were strained. During that same month, Guyana’s authorities arrested three people in a money laundering investigation involving Chinese companies, which drew objections from the Chinese embassy.

According to the research, the attack was targeted, as the threat actor designed its malicious emails to lure the victim organizations. The majority of these identified emails revolved around Guyana’s politics.

These emails had a link that, when clicked, downloaded a ZIP file from a compromised Vietnamese government website, which contained malware samples. Once the victim opened the ZIP file, their system was infected with DinodasRAT malware.

DinodasRAT is a remote access trojan developed in C++ programming language. It can exfiltrate files, manipulate Windows registry keys, and execute commands, the researchers said.

ESET didn’t disclose how successful the campaign was or what, if any, information the hackers were able to steal.

BriefsCybercrimeChinaGovernment
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Atlassian, Apple warn customers of zero-days used in attacks

Next Post

Florida court pauses many proceedings following cyberattack

Related Posts

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbsp
Avatar
Read More