Chinese Hackers Toolkit Uncovered And Activity History Uncovered
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical organizations. They employed advanced privilege escalation tools and operated a C2 infrastructure using Cobalt Strike and Viper framework. The hackers also created a custom ransomware variant based on LockBit 3.0. Their activities extended across multiple Asian countries, focusing on government, education, health, and logistics sectors. The group used proxy servers to conceal their location and employed various hacking tools, including WebLogicScan, Vulmap, Xray, and dirsearch.
OPENCTI LABELS :
cobalt strike,ransomware,sql injection,privilege escalation,lockbit 3.0,c2 infrastructure,cve-2021-25003,chinese hackers,viper framework,reconnaissance tools
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Chinese Hackers Toolkit Uncovered And Activity History Uncovered