A persistent cyber campaign, Stayin Alive, has been targeting the telecommunications sectors and government bodies of Asian countries such as Vietnam, Pakistan, Uzbekistan, and Kazakhstan since 2021.
Cybersecurity researchers from Check Point uncovered the campaign through its deployment of loaders and downloaders, which are frequently used as initial-access tooling against prominent entities in these countries.
The researchers' first finding was a CurKeep downloader aimed at Vietnam, Uzbekistan, and Kazakhstan; however, they believe the campaign has targeted countries across the entire Asian region.
The campaign has caught researchers' attention because of the rudimentary nature of the tools it employs. The tools are disposable, vary widely from one another, and share no discernible code with tooling attributed to known threat actors.
The researchers have traced the tools back to a common threat actor, ToddyCat, a China-affiliated hacker group operating in the region.
The campaign relies on spear-phishing emails to deliver archive files that use DLL side-loading. Researchers found that it exploits a vulnerability in Audinate’s Dante Discovery software (CVE-2022-23748) by hijacking dal_keepalives.dll.
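A defender-side check for the side-loading described above, written as an added example rather than anything from the Check Point report: it runs over Sysmon-style ImageLoad (Event ID 7) records and flags dal_keepalives.dll being loaded from outside the vendor's install directory. The allowed install roots, the sample events, and the executable and user names in them are assumptions constructed for the example.

```python
from pathlib import PureWindowsPath
from typing import Optional

TARGET_DLL = "dal_keepalives.dll"
# Assumption: legitimate copies of the DLL live under these vendor roots.
ALLOWED_ROOTS = (
    PureWindowsPath(r"C:\Program Files\Audinate"),
    PureWindowsPath(r"C:\Program Files (x86)\Audinate"),
)
# Path fragments typical of where a phishing archive gets extracted.
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\downloads\\", "\\appdata\\")


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive check that path lies inside root."""
    p = [s.lower() for s in path.parts]
    r = [s.lower() for s in root.parts]
    return p[: len(r)] == r


def classify_image_load(event: dict) -> Optional[str]:
    """Return a finding for a suspicious dal_keepalives.dll load, else None.
    Expects Sysmon Event ID 7 style fields: Image, ImageLoaded, Signed."""
    loaded = PureWindowsPath(event.get("ImageLoaded", ""))
    if loaded.name.lower() != TARGET_DLL:
        return None
    if any(_under(loaded, root) for root in ALLOWED_ROOTS):
        return None  # loaded from the expected install location
    reasons = ["loaded outside vendor install root"]
    if any(h in str(loaded).lower() for h in USER_WRITABLE_HINTS):
        reasons.append("user-writable path")
    if str(event.get("Signed", "")).lower() != "true":
        reasons.append("unsigned DLL")
    return f"{event.get('Image')} -> {loaded}: " + "; ".join(reasons)


def scan(events: list) -> list:
    """Run the check over a batch of events and return the findings."""
    return [f for f in (classify_image_load(e) for e in events) if f]


# Constructed sample events; the executable and user names are invented.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Audinate\Dante Discovery\app.exe",
     "ImageLoaded": r"C:\Program Files\Audinate\Dante Discovery\dal_keepalives.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\invite\app.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\invite\DAL_KeepAlives.dll",
     "Signed": "false"},
]
```

Calling `scan(SAMPLE_EVENTS)` returns one finding, for the copy loaded from the user's Temp directory; the load from the vendor path is left alone.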
In their investigation, the researchers found that the campaign focused primarily on Vietnam, Pakistan, Uzbekistan, and Kazakhstan, with the telecommunications sector as its main target. They believe this is because telecom infrastructure controls communications and holds large amounts of sensitive personal data, a goldmine for espionage and other purposes. The attackers can also sell this personal data on the dark web for large profits.
Beyond telecoms, the threat actors have also gone after other government entities, particularly in Kazakhstan, including the National Certificate Authority and certexvpn, a VPN service used by Kazakh officials.
Threat actors originating from China have been wreaking havoc lately. Recently, China was found to be running the SmugX campaign in Europe. In 2022, Chinese hackers were reported to be attacking Asian countries, targeting their building automation systems. Alongside Russia, China has also conducted several cyberattacks on Ukraine.