Researchers discovered that China-based threat actors used the open-source monitoring tool Nezha during cyber intrusions affecting over 100 targets in Taiwan, Japan, South Korea, and Hong Kong. The campaign involved web shell hijacking, deployment of Nezha for command execution, and was potentially politically motivated, leveraging multiple malware families and web shell tools. #Nezha #GhostRAT #AntSword #ChinaNexus #APT
Keypoints
- China-linked actors used Nezha to control compromised servers during cyber campaigns.
- Their targets included regions with political disputes with China, such as Taiwan, Japan, and South Korea.
- Nezha was used alongside other malware, including Ghost RAT and AntSword, indicating sophisticated operations.
- The campaign affected over 100 systems, with swift compromises indicating high threat actor capability.
- The threat actorβs motives are uncertain but are suspected to be politically driven, possibly espionage or data theft.
Read More: https://therecord.media/china-linked-hackers-target-asian-orgs-monitoring-tool