ShiftDelete.net
FOLLOW US

HTML Smuggling: Chinese hackers infiltrate! Europe’s ministries at risk

Chinese hackers employ HTML smuggling techniques to deliver PlugX trojan onto European ministries' systems, raising new cybersecurity threats.

HTML Smuggling: Chinese hackers infiltrate! Europe’s ministries at risk

The cyber-security world is shaken by a recent discovery. Chinese nation-state groups have used clever HTML smuggling tactics, targeting European Foreign Affairs ministries and embassies. Their goal: to plant the dangerous PlugX remote access trojan on compromised systems.

An intriguing new method

This activity, coined SmugX, has reportedly been ongoing since December 2022. The hackers use innovative delivery methods to deploy the trojan, according to Check Point, a well-known cybersecurity firm. “Although the payload itself remains similar to the one found in older PlugX variants, its delivery methods result in low detection rates, which until recently helped the campaign fly under the radar,” they noted.

There’s a hint that the infamous Mustang Panda could be the group behind this operation. Still, Check Point cautioned that there’s “insufficient evidence” at this point to decisively attribute it to this adversarial collective.

HTML Smuggling explained

The latest attack sequence is notable due to its usage of HTML Smuggling, a technique where legitimate HTML5 and JavaScript features are manipulated to assemble and launch the malware. This technique is used in the decoy documents attached to spear-phishing emails.

In simple terms, HTML smuggling stores a binary in an immutable blob of data within JavaScript code. Trustwave, another cybersecurity firm, pointed out that this data blob gets decoded into a file object when opened via a web browser.

Who is at risk?

Analysts have examined documents uploaded to the VirusTotal malware database, which reveal the hackers are focusing on diplomats and government entities in multiple European countries. Nations under threat include Czechia, Hungary, Slovakia, the U.K., Ukraine, and possibly France and Sweden.

The world of cybersecurity

One instance of attack reported involved the use of an Uyghur-themed lure that, when opened, connected to an external server to exfiltrate reconnaissance data. The hackers deploy a multi-stage infection process that uses DLL side-loading methods to decrypt and launch the final payload, PlugX.

PlugX, or Korplug, is a modular trojan dating back to 2008. It accommodates diverse plugins that allow the operators to carry out file theft, screen captures, keystroke logging, and command execution.

Our readers, what are your thoughts on this new form of cyber attack? Do you believe that greater measures need to be implemented to combat these threats? Please share your thoughts with us in the comments section below!

Chinese Hackers
HTML Smuggling

SDN Comments 0 Comments

Comment

HOW TOAll

Related News

Samsung’s One UI 7 road map has been revealed!
Samsung’s One UI 7 road map has been revealed!
Flagship killer POCO F7 is on its way global!
Flagship killer POCO F7 is on its way global!
WhatsApp announces voice message transcripts feature
WhatsApp announces voice message transcripts feature
24 GB RAM and 1.5K screen: Nubia Z70 Ultra introduced!
24 GB RAM and 1.5K screen: Nubia Z70 Ultra introduced!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio