    China-linked hackers target Uzbekistan and South Korea with SugarGh0st malware: Cisco reveals

    Hackers believed to be based in China are actively targeting the Uzbekistan Ministry of Foreign Affairs and individuals in South Korea using a strain of malware identified as SugarGh0st, Cisco reported. 

    Photo: Hackers targeting the Uzbekistan Ministry of Foreign Affairs and individuals in South Korea
    Source: Cisco

    Cisco's blog, published on November 30, shed light on the ongoing cyber-espionage campaign, linking the malware to the infamous Gh0st RAT tool, a long-standing weapon in the arsenal of advanced persistent threat (APT) groups globally.

    As per researchers from Cisco Talos, the Chinese-speaking threat actor initiated the attacks in August, deploying four samples as part of the campaign. One of these samples was specifically sent to users within Uzbekistan's Ministry of Foreign Affairs. The decoy document, purportedly related to an investment project and featuring content referencing a presidential decree about technical regulation, was used as bait.

    The initial attack vector is believed to involve a phishing email containing a malicious RAR file attachment. The decoy document exploited content sourced from various Uzbekistan publications in 2021 to lure recipients into opening the attachment. Additionally, three more decoy documents written in Korean were identified by the researchers.

    Photo: Attack chain involves a phishing email containing a RAR file attachment.
    Source: Cisco

    The campaign's likely origin points to China or a Chinese-speaking actor, as two of the decoy files were last modified by names written in Simplified Chinese. Cisco Talos emphasized that Chinese threat actors have a history of utilizing Gh0st RAT variants and targeting organizations and individuals in Uzbekistan. Gh0st RAT, initially created by a Chinese group, saw its source code publicly released in 2008.

    SugarGh0st, being a customized variant, enhances the hackers' reconnaissance capabilities, allowing specific searches for keys, file extensions, and more. It also facilitates the delivery of customized commands while evading detection. The malware encompasses features for full remote control, real-time and offline keylogging, webcam access, and the ability to download and execute arbitrary binaries on the infected host.

    "SugarGh0st can collect the victim’s machine hostname, filesystem, logical drive, and operating system information," Cisco Talos researchers explained.
    Photo: Chinese threat actors previously also employed a customized version of the Gh0st RAT
    Source: Google Images

    The malware can manage the machine's service manager, take screenshots, access the victim's machine camera, and perform various file operations.

    Notably, Chinese threat actors previously employed a customized version of the Gh0st RAT, as reported by Symantec in the past year. These hackers targeted an IT service provider operating across multiple Asian countries, government agencies, and enterprises involved in IT services, aerospace, and electric power industries in Russia, Georgia, and Mongolia.

    Last year also witnessed a broader campaign by Chinese actors using Gh0st RAT, targeting organizations and governments in Afghanistan, Bhutan, India, Nepal, Pakistan, and Sri Lanka, as observed by various cybersecurity firms. 

     

    04.12.2023, 22:19