"China-linked Hacker Group Silently Controls Over 2,000 Systems... 457 in South Korea"

AhnLab and NCSC Release Joint Report
Tracking and Analyzing Cyberattack Activities of APT Group "TA ShadowCricket"

A hacking group linked to China has been found to have infiltrated and quietly controlled more than 2,000 systems worldwide.

On May 23, AhnLab and the National Cyber Security Center (NCSC) jointly released a report analyzing the cyberattack activities of the APT (Advanced Persistent Threat) group "TA ShadowCricket," which is believed to be associated with China.


ShadowCricket is believed to have been active since 2012. The group infiltrated systems by targeting remote access functions or database connections on externally exposed Windows servers and has been controlling more than 2,000 infected systems worldwide.


The report noted that the group stands out for maintaining covert control over compromised systems for extended periods after infiltration, without engaging in typical hacking behaviors such as demanding money or leaking information.


The group gains access by attempting random passwords, then installs backdoor malware that enables remote control of the system. The malware is embedded inside legitimate executable files, so users run them without suspicion.


AhnLab and the NCSC confirmed that more than 2,000 victim systems, including critical systems in actual operation, were connected to the group's servers and were being maintained in a state that could be exploited for additional attacks, such as distributed denial-of-service (DDoS) attacks, if necessary.


By country, there were 895 affected systems in China, 457 in South Korea, 98 in India, 94 in Vietnam, 44 in Taiwan, 38 in Germany, 37 in Indonesia, 31 in Thailand, and 25 in the United States.


To prevent damage, users are advised to keep Windows operating systems and other software up to date and to check whether settings that allow external access have been left open. Passwords should be complex, and multi-factor authentication should be applied whenever possible.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
