This Great Chinese VPN Provider Has Been Hacked

As governments around the world continue to respond to the coronavirus pandemic, a group of hackers with possible ties to South Korea has launched a spy campaign against the Chinese government. Advanced persistent threat group DarkHotel has compromised more than 200 VPN servers to infiltrate various Chinese government institutions and agencies, according to a new report from Qihoo 360. In one case, the hacking group exploited a previously unknown vulnerability in the corporate VPN software Sangfor SSL, then installed malware on the victims' machines to collect user data. The timing of the attack also coincided with new instructions from the Chinese government, which urged people to work from home to help stop the spread of the coronavirus.

DarkHotel Hack Group

While Qihoo 360 believes that the DarkHotel hacking group was behind this latest round of attacks, other security researchers aren't so sure. In a post on Twitter, Kaspersky's chief security researcher, Brian Bartholomew, argued that the Beijing-based security company had failed to provide the necessary evidence to link DarkHotel to these attacks, saying: "I'm going to be a bit blunt here. This article is full of speculation, no evidence that it was actually DarkHotel, and loads of confirmation bias regarding targeting due to Covid. I'm not saying they're wrong, but more data backing will be needed in the future to support the claims."

VPN services help protect remote workers around the world when working from home during the coronavirus pandemic, which is why we've seen an increasing number of attacks targeting them. In its report, Qihoo 360 explained that VPNs are vital for Chinese companies during this difficult time, saying, "Imagine, with the spread of the coronavirus pandemic, overseas Chinese companies and institutions have adopted the way of working remotely, and the employees of each unit will establish contact with the headquarters and transfer all sensitive data through the VPN. If the VPN server is compromised at this time, the consequences will be unimaginable."

It remains to be seen if DarkHotel is behind this latest round of attacks, but I hope other security researchers start looking into the problem to see if Qihoo 360's claims are true.

Via CyberScoop