This major Chinese VPN provider has been hacked
The DarkHotel hacking group has reportedly struck again
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
As governments around the world continue to deal with thecoronavirus pandemic, a hacking group with potential ties to South Korea has launched an espionage campaign against the Chinese government.
TheDarkHoteladvanced persistent threat group has compromised over 200VPNservers in order to infiltrate a number of Chinese institutions and government agencies, according to a new report from Qihoo 360.
In one case, the hacking group exploited a previously unknown vulnerability in the enterprise VPN software Sangfor SSL and then installed malicious software onto victim’s machines in order to collect user data.
The timing of the attack also coincided with new instructions from the Chinese government which urged citizens towork from homein order to help stop the coronavirus' spread.
DarkHotel hacking group
While Qihoo 360 believes that the DarkHotel hacking group was behind this latest series of attacks, other security researchers aren’t so sure. In apost on Twitter, principal security researcher atKaspersky, Brian Bartholomew argued that the Beijing-based security firm did not provide the necessary evidence to tie DarkHotel to these attacks, saying:
“I’m going to be a bit blunt here. This write up is full of speculation, no evidence this was actually DatkHotel, and a ton of confirmation bias about targeting because of Covid. Not saying they’re wrong, but in the future, there needs to be more supporting data to support claims.”
VPN services are helping to keepremote workersall over the world secure as they work from home during the coronavirus pandemic which is why we’ve seen an increased number of attacks targeting them. In itsreport, Qihoo 360 explained that VPNs are vital to Chinese businesses during this trying time, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Imagine it, with the spreads of the coronavirus pandemic, Chinese enterprises and institutions abroad have all adopted the remote working mode and employees in each unit will establish contact with the headquarters and transfer all sensitive data through the VPN. If the VPN server is compromised at this moment, the consequences will be unimaginable.”
Whether or not DarkHotel is behind this latest series of attacks still remains to be proven but hopefully other security researchers will now begin to look into the matter to see if Qihoo 360’s claims are true.
ViaCyberScoop
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
3 reasons why PIA fell in our best VPN rankings
Is it still worth using Proton VPN Free?
Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case
