Chinese cyber-espionage group Moshen Dragon targets Asian telecommunications
The Moshen Dragon hacking group uses an unusual, evolving approach in its attacks on telecommunication firms.
Antivirus products from Kaspersky, Bitdefender and Symantec run with high privileges, and the license agreement and policy accepted at installation grant them that trust. This lets the attackers have their malicious payload loaded by the security product itself and reach sensitive information on the affected systems.
The attackers plant a malicious DLL that the antivirus process loads and executes (DLL side-loading) without any error or alert being shown to the user, because these AV products are tightly integrated with the Windows operating system.
Windows Management Instrumentation (WMI) is used for remote code execution and lateral movement through the Python toolkit Impacket, which Moshen Dragon deploys on compromised systems.
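The side-loading technique described above leaves a telemetry trail: an antivirus process loading a DLL that is unsigned, signed by the wrong party, or sitting outside the product's own directory. The following detection heuristic is an added example, not code from the original article or from any vendor; the events are constructed to resemble Sysmon Event ID 7 (ImageLoad) fields, and the process, path and signer names are illustrative assumptions.

```python
"""DLL side-loading heuristic for antivirus processes (added example).
Events are constructed to resemble Sysmon Event ID 7 (ImageLoad) fields;
process, path and signer names are illustrative assumptions."""
import ntpath

# Process image -> signer expected on the DLLs it loads (assumed pairings).
EXPECTED_SIGNER = {"avp.exe": "kaspersky",
                   "bdservicehost.exe": "bitdefender",
                   "ccsvchst.exe": "symantec"}
# Directories from which signed Microsoft libraries are legitimately loaded.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

def is_suspicious_load(event):
    """True when a monitored AV process loads a DLL that is unsigned, comes
    from outside the product and system directories, or is signed by neither
    the vendor nor Microsoft; benign OS and vendor libraries return False."""
    host_dir, host_exe = ntpath.split(event["Image"].lower())
    vendor = EXPECTED_SIGNER.get(host_exe)
    if vendor is None:
        return False                  # not an AV process we monitor
    dll_dir = ntpath.dirname(event["ImageLoaded"].lower())
    if event.get("Signed", "false").lower() != "true":
        return True                   # unsigned code inside a trusted process
    if dll_dir not in SYSTEM_DIRS and dll_dir != host_dir:
        return True                   # loaded from an unexpected directory
    signer = event.get("Signature", "").lower()
    return vendor not in signer and "microsoft" not in signer

def find_sideloads(events):
    """Return (host process, DLL path) pairs for every suspicious load."""
    return [(ntpath.basename(e["Image"]), e["ImageLoaded"])
            for e in events if is_suspicious_load(e)]

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": "C:\\Program Files\\AV\\avp.exe", "Signed": "true",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signature": "Microsoft Windows"},
    {"Image": "C:\\Program Files\\AV\\avp.exe", "Signed": "true",
     "ImageLoaded": "C:\\Program Files\\AV\\engine.dll", "Signature": "Kaspersky Lab"},
    {"Image": "C:\\Program Files\\BD\\bdservicehost.exe", "Signed": "false",
     "ImageLoaded": "C:\\Program Files\\BD\\log.dll", "Signature": ""},
    {"Image": "C:\\Program Files\\SEP\\ccsvchst.exe", "Signed": "true",
     "ImageLoaded": "C:\\ProgramData\\tmp\\version.dll", "Signature": "Other Publisher"},
    {"Image": "C:\\Windows\\notepad.exe", "Signed": "false",
     "ImageLoaded": "C:\\ProgramData\\tmp\\version.dll", "Signature": ""},
]

if __name__ == "__main__":
    for host, dll in find_sideloads(SAMPLE_EVENTS):
        print(f"suspicious load: {host} <- {dll}")
```

Only the unsigned DLL in the Bitdefender directory and the third-party-signed DLL under ProgramData are flagged; the Microsoft and vendor-signed libraries, and the unmonitored notepad.exe load, pass.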
The loader has also been seen in a US government environment. According to Avast researchers, the loader analyzed by SentinelLabs had already been discovered in December 2021.
Moshen Dragon's persistent interference with telecommunication firms has resulted in the loss and damage of sensitive data and infrastructure. The malicious payloads are installed as application packages that gather the firm's compliance and policy records.
Moshen Dragon aims for a deceptive mode of operation: by deploying unauthorized payloads across multiple targets, it leads researchers and consultants to focus on a different sector while it accomplishes its goal.
Unknown to most defenders, multiple Chinese APTs use this particular loader in their day-to-day activities. The US government should address this by providing security tools that can detect the malicious loader and reduce its effect.
As these groups share similar features in the final payloads they deploy on target systems, it is quite certain that they use the same loaders too.
Necessary checks, Windows updates and security tools should be put in place regularly to defend against cyber-espionage, as these groups carry out rapid, deceptive actions on target systems.