China Exposes U.S. Cyberattacks Targeting Tech Firm 🛡️💻

China's National Computer Network Emergency Response Technical Team (CNCERT) has released a bombshell report detailing U.S.-linked cyberattacks on a major Chinese tech enterprise. The findings reveal advanced tactics to steal trade secrets and intellectual property. 🔍

How the Cyberattacks Unfolded

1️⃣ Initial Breach: Attackers exploited a vulnerability in the company’s document management system on August 19, 2024, stealing admin credentials to access backend servers.

2️⃣ Backdoor Deployment: By August 21, attackers implanted memory-only malware (no hard drive traces!) to collect sensitive data, transmitting files overseas via paths like /xxx/xxxStats.

3️⃣ Mass Infection: In November, 276 employee PCs were infected through a software upgrade server. Trojans scanned devices for keywords linked to the firm's work, deleting themselves after stealing 4.98 GB of data. 😱

Key Attack Tactics

  • ⏰ Timed to U.S. working hours (10 AM–8 PM EST)
  • 🌍 Attacker IPs masked via proxy servers in Germany/Romania
  • 🛠️ Used open-source tools to avoid detection

CNCERT emphasized the attacks' sophistication, calling them 'highly targeted' with prepared keyword lists for data theft. The report underscores growing global cybersecurity challenges as tech rivalries heat up. 🌐
