Chinese-speaking hackers attack Russian defense enterprises — Kaspersky Lab

There is a warning that similar attacks could be repeated in the future

MOSCOW, August 8. /TASS/. A group of Chinese-speaking hackers attacked several government agencies and defense companies in Russia, as well as in Eastern Europe and Afghanistan, in early 2022, Kaspersky Lab reported, citing the Russian cybersecurity company’s experts, who say the attacks might have been cyber espionage.

"In early 2022, Kaspersky Lab experts registered a wave of attacks on defense enterprises and government agencies in Afghanistan, Russia, and a number of countries in Eastern Europe. In a probe, attacks on more than a dozen companies were uncovered. The attackers’ goal might have been cyber espionage. Experts assume that the attacks may be related to a group of Chinese-speaking hackers, TA428," Kaspersky Lab’s press service said.

In a number of attacks, the hackers took control of the IT infrastructure of some businesses. The hackers used phishing emails containing internal information that was unavailable in public sources at the time the attackers used it. The cyber group used full names of employees working on confidential data and internal code names for projects, experts said.

"Microsoft Word documents with malicious code that exploits the CVE-2017-11882 vulnerability were attached to the phishing emails. It enables malware to take control of an affected system without any additional user action," the company explained.

Vyacheslav Kopeitsev, a security researcher at Kaspersky ICS CERT, warned that similar attacks could be repeated in the future and recommended that companies and government agencies stay on alert.