
Sharp Dragon Shifts Cyber Attacks to New Frontiers: Africa and the Caribbean


Check Point Research has been monitoring Sharp Dragon, a Chinese cyber threat group, since 2021. This group, previously known as Sharp Panda, has primarily targeted organisations in Southeast Asia with phishing campaigns. Recently, however, they have expanded their activities to include government organisations in Africa and the Caribbean, marking a significant change in their strategy.

Starting in late 2023, Sharp Dragon shifted its focus to government entities in Africa and the Caribbean. They used previously compromised email accounts from Southeast Asia to send phishing emails. These emails contained documents that appeared legitimate but were actually designed to deliver Cobalt Strike Beacon malware, replacing their earlier use of VictoryDLL and the Soul framework.

The first attack targeting Africa occurred in November 2023, involving a phishing email about industrial relations between Southeast Asia and Africa. By January 2024, further attacks within Africa suggested that some initial attempts had been successful. Similarly, in December 2023, Sharp Dragon targeted a Caribbean government with a document related to a Commonwealth meeting. This was followed by a broader phishing campaign in January 2024, using a fake survey about opioid threats in the Eastern Caribbean.

Sharp Dragon has been refining its tactics. Their new approach includes more thorough checks on target systems before deploying malware. They now use Cobalt Strike Beacon, which allows them to control infected systems without exposing their custom tools immediately. This change helps them avoid detection and gather more information on their targets.

They have also shifted from using DLL-based loaders to executable files disguised as documents. These files write and execute malicious software and create scheduled tasks for persistence on the infected system.
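A defender-side illustration of the persistence behaviour described above: a small triage rule that reviews scheduled-task creation records and flags actions whose executable carries a document extension followed by an executable one (for example `agenda.docx.exe`), or that run from a user-writable location. This is an added example, not code from Check Point Research or from the original post. The event records are constructed sample data shaped loosely like Windows Security Event ID 4698 ("A scheduled task was created"); the flat field names used here (`TaskName`, `Command`, `SubjectUserName`) are a simplifying assumption, not the exact Windows XML schema, and the path heuristics are assumptions a team would tune to its own environment.

```python
"""Triage scheduled-task creation events for document-masquerading executables.

Added example; not part of the original post. Input records are constructed
and use a simplified flat layout rather than the real Event 4698 XML.
"""
import re
from pathlib import PureWindowsPath

# Extensions that an attacker may chain to make an executable look like a document.
DOC_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Assumed heuristic: locations an ordinary user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\users\\public\\|\\downloads\\", re.I
)

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "Command": "%windir%\\system32\\defrag.exe", "Arguments": "-c -h -o -$"},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\OneDriveUpdate",
     "Command": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\meeting_agenda.docx.exe", "Arguments": ""},
    {"EventID": 4698, "SubjectUserName": "svc_backup", "TaskName": "\\NightlyBackup",
     "Command": "\"C:\\Program Files\\Backup\\backup.exe\"", "Arguments": "/full"},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\Adobe Updater",
     "Command": "C:\\Users\\Public\\Documents\\report.pdf.exe", "Arguments": ""},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\SyncHelper",
     "Command": "C:\\Users\\jdoe\\AppData\\Local\\Programs\\sync\\sync.exe", "Arguments": ""},
    # A different event type, included to show it is ignored.
    {"EventID": 4720, "SubjectUserName": "admin", "TargetUserName": "newuser"},
]


def find_masquerade(command):
    """Return a reason if the file name ends in <document ext><executable ext>, else None."""
    path = PureWindowsPath(command.strip().strip('"'))
    suffixes = [s.lower() for s in path.suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DOC_EXTS:
        return f"document-masquerading executable: {path.name}"
    return None


def find_user_writable(command):
    """Return a reason if the task action runs from a user-writable location, else None."""
    if USER_WRITABLE.search(command):
        return "task action runs from a user-writable location"
    return None


def classify_task_event(event):
    """Return the list of reasons a task-creation event is suspicious (empty if none)."""
    if event.get("EventID") != 4698:
        return []
    cmd = event.get("Command", "")
    return [r for r in (find_masquerade(cmd), find_user_writable(cmd)) if r]


def triage(events):
    """Run the rules over all events and return only the flagged ones with reasons."""
    findings = []
    for ev in events:
        reasons = classify_task_event(ev)
        if reasons:
            findings.append({
                "TaskName": ev["TaskName"],
                "User": ev.get("SubjectUserName"),
                "Command": ev["Command"],
                "Reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"{finding['TaskName']} ({finding['User']}): {finding['Command']}")
        for reason in finding["Reasons"]:
            print(f"    - {reason}")
```

Running the block on the constructed records flags three tasks: the Temp-folder `.docx.exe` (both rules), the `report.pdf.exe` under `C:\Users\Public` (both rules), and the `sync.exe` under AppData (location only). The built-in Defrag task and the backup job under `Program Files` pass, and the non-4698 record is skipped; the second rule is intentionally noisy on its own and is best used as a scoring signal alongside the double-extension check.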

Another major change is Sharp Dragon's use of compromised servers for their command and control operations. Instead of using dedicated servers, they exploit legitimate servers, making their activities harder to detect. For example, in May 2023, they used a vulnerability in the GoAnywhere platform to take over legitimate servers.

Sharp Dragon's new focus on Africa and the Caribbean reflects a broader effort by Chinese cyber groups to increase their influence in these regions. After years of targeting Southeast Asia, Sharp Dragon is applying its established tactics to gain a foothold in new territories. Their refined methods and careful target selection highlight the need for stronger cybersecurity measures in these regions, which have so far received less scrutiny from the global cybersecurity community.


Chinese Loan Apps Fraud: Indian Agency Raids Razorpay, Paytm, Cashfree

 

On Saturday, India's Enforcement Directorate (ED) carried out raids at nine premises in Bengaluru connected to online payment gateways, including Paytm, Cashfree, and Razorpay. Some of these companies are also believed to be involved in illegal betting.

The official said the raids were conducted in connection with a money laundering case — part of an ongoing investigation against some illegal loan apps allegedly run by Chinese Nationals. 

The ED reported that it seized Rs 17 crore held in “merchant IDs and bank accounts of these Chinese persons-controlled entities” during the raids.

In a statement, a Razorpay spokesperson said: “Some of our merchants were being investigated by law enforcement about a year-and-a-half back. As part of the ongoing investigation, the authorities requested additional information to help with the investigation. We have fully cooperated and shared KYC and other details. The authorities were satisfied by our due diligence process”. 

Furthermore, the agency added that after it began its probes, many of these companies shut down their business and diverted funds through fintech companies to buy crypto assets so the money could be laundered abroad.

In this connection, the agency searched various premises associated with the crypto exchange WazirX and froze Rs 64 crore in its accounts.

Cashfree said its processes adhere to PMLA directions. “We extended our diligent cooperation to the ED operations, providing them the required and necessary information on the same day of inquiry. Our operations and onboarding processes adhere to the PMLA and KYC directions, and we will continue to do so in the time to follow,” said a company spokesperson. 

Additionally, in August 2020, the agency raided and froze Rs 47 crore belonging to a Chinese company that was running illegal betting and loan apps in India. The agency also searched 15 premises connected to the company across Delhi, Mumbai, Gurgaon, and Pune.

The Directorate of Enforcement (ED) is an Indian law enforcement and economic intelligence agency that enforces economic laws and pursues legal action against economic frauds and crimes in India.