Hacker group Cicada distributes ‘malware’ via VLC Player


MADRID, 8 Apr. (Portaltic/EP) –

An advanced persistent threat (APT) group known as Cicada is attacking institutions around the world, as well as non-governmental organizations (NGOs), using the free VLC player as a means.

As explained by the technology company Broadcom Software, in recent months this group of cybercriminals, also known as APT10, has targeted organizations in Europe, Asia and North America.

Cicada’s activity was linked by the United States with the Chinese government in 2018 and mainly focused on companies related to Japan in its early stages, dating back to 2009.

Recently, connections of this group with attacks on managed service providers (MSP) have been found globally.

The attribution of this activity, which has taken place from mid-2021 to February 2022, is based on the presence in infected networks of a custom ‘malware’ that these cybercriminals use exclusively, called Sodamaster.

It is a fileless ‘malware’ that is capable of carrying out different actions, such as the download and execution of additional payloads or the modification of the username, the ‘host’ or the operating system.

As the research team at Symantec, a division of Broadcom, has been able to determine, this activity has been detected on Microsoft Exchange servers, which could have been used to gain access to victims’ systems.

Another means of attack that these cybercriminals have exploited is the free VLC media player, into which they have been able to introduce this custom ‘malware’ through the application’s export function.

In addition, members of the Cicada network (also known as Stone Panda, Potassium, Bronze Riverside, or Team MenuPass) have used the tool WinVNC for remote control of the victims’ computers.

The cybercriminals have also used tools such as the open source NBTScan and WMIExec, as well as RAR files, to carry out these attacks, mainly aimed at institutions related to the government and NGOs.

Some of the sectors in which these malicious actions have been concentrated include telecommunications, legal, education, pharmaceuticals and religion.

In addition, as Symantec has been able to verify, these have originated in the United States, Hong Kong, Canada, Turkey, Israel, India, Montenegro and Italy.
