
    China-linked hackers target Uzbekistan and South Korea with SugarGh0st malware: Cisco reveals


    Hackers believed to be based in China are actively targeting the Uzbekistan Ministry of Foreign Affairs and individuals in South Korea using a strain of malware identified as SugarGh0st, Cisco reported. 

    Photo: Hackers targeting the Uzbekistan Ministry of Foreign Affairs and individuals in South Korea
    Source: Cisco

    Cisco's blog, published on November 30, shed light on the ongoing cyber-espionage campaign, linking the malware to the infamous Gh0st RAT tool, a long-standing weapon in the arsenal of advanced persistent threat (APT) groups globally.

    As per researchers from Cisco Talos, the Chinese-speaking threat actor initiated the attacks in August, deploying four samples as part of the campaign. One of these samples was specifically sent to users within Uzbekistan's Ministry of Foreign Affairs. The decoy document, purportedly related to an investment project and featuring content referencing a presidential decree about technical regulation, was used as bait.

    The initial attack vector is believed to be a phishing email containing a malicious RAR file attachment. The decoy document used content sourced from various Uzbekistan publications in 2021 to lure recipients into opening the attachment. The researchers also identified three more decoy documents written in Korean.

    Photo: Attack chain involves a phishing email containing a RAR file attachment.
    Source: Cisco

    The campaign's likely origin points to China or a Chinese-speaking actor, as two of the decoy files were last modified by names written in Simplified Chinese. Cisco Talos emphasized that Chinese threat actors have a history of utilizing Gh0st RAT variants and targeting organizations and individuals in Uzbekistan. Gh0st RAT, initially created by a Chinese group, saw its source code publicly released in 2008.

    SugarGh0st, being a customized variant, enhances the hackers' reconnaissance capabilities, allowing specific searches for keys, file extensions, and more. It also facilitates the delivery of customized commands while evading detection. The malware encompasses features for full remote control, real-time and offline keylogging, webcam access, and the ability to download and execute arbitrary binaries on the infected host.

    "SugarGh0st can collect the victim’s machine hostname, filesystem, logical drive, and operating system information," Cisco Talos researchers explained.
    Photo: Chinese threat actors previously also employed a customized version of the Gh0st RAT
    Source: Google Images

    The malware can manage the machine's service manager, take screenshots, access the victim's machine camera, and perform various file operations.

    Notably, Chinese threat actors previously employed a customized version of the Gh0st RAT, as Symantec reported in the past year. These hackers targeted an IT service provider operating across multiple Asian countries, as well as government agencies and enterprises involved in the IT services, aerospace, and electric power industries in Russia, Georgia, and Mongolia.

    Last year also witnessed a broader campaign by Chinese actors using Gh0st RAT, targeting organizations and governments in Afghanistan, Bhutan, India, Nepal, Pakistan, and Sri Lanka, as observed by various cybersecurity firms. 

     

    04.12.2023, 22:19


    Full reproduction or partial quoting of material, as well as the use of photographic, graphic, audio and/or video materials of Daryo (the Uzbek Press and Information Agency (UzAPI, now the Agency for Information and Mass Communications under the Presidential Administration of the Republic of Uzbekistan) is registered on 13.03.2015 with certificate number No. 0944 as a mass media) is allowed if there is a hyperlink to the website daryo.uz and/or are accompanied by a note indicating the authorship of the online publication Daryo. Individual publications may contain information that is not intended for users under the age of 18. Info@daryo.uz
