News Chinese hackers suspected of attacking state structures in Mongolia

Soldier

A Chinese APT cybercrime group is suspected of hacking the network of a Mongolian software company and compromising a chat app used by hundreds of Mongolian government agencies.

According to experts from ESET, the attack occurred in June of this year. Hackers attacked an application called Able Desktop, developed by the local company Able Software. The app is an add-on that provides instant messaging for the company's main product, an HR management platform. The platform is used by more than 430 government agencies in Mongolia, including the Office of the President, the Ministry of Justice, the Ministry of Health, and various local law enforcement agencies and authorities.

As reported by ESET, due to its widespread use among government employees, the app has been the target of cyber attacks since at least 2018. During the first attacks, the criminals tried to introduce the HyperBro backdoor and the PlugX remote access Trojan into the Able Desktop application and distributed trojanized versions of the application installer via email.

In June 2020, attackers appear to have been able to hack into the Able backend and compromise the system that delivers software updates to all Able software applications. The attackers used this system at least twice to distribute a malware-infected Able Desktop chat app through the legitimate update mechanism. To carry out these attacks, they again used the HyperBro backdoor, but replaced PlugX with Tmanager as the remote access component.
 