Suspected China-linked hackers goal Guyana authorities with new backdoor

A cyber espionage marketing campaign has been focusing on authorities businesses in Guyana with a beforehand undocumented backdoor used to reap delicate info, based on new analysis.

Researchers on the Slovakia-based cybersecurity agency ESET named the backdoor DinodasRAT after the hobbit Dinodas within the Lord of the Rings. Alongside DinodasRAT, the hackers used a model of the Korplug backdoor, a device generally related to China-aligned teams like Mustang Panda.

ESET recognized the malicious exercise inside Guyana’s networks in February 2023, when its diplomatic relations with China have been strained. Throughout that very same month, Guyana’s authorities arrested three folks in a cash laundering investigation involving Chinese language firms, which drew objections from the Chinese language embassy.

In response to the analysis, the assault was focused, because the risk actor designed its malicious emails to lure the sufferer organizations. The vast majority of these recognized emails revolved round Guyana’s politics.

These emails had a hyperlink that, when clicked, downloaded a ZIP file from a compromised Vietnamese authorities web site, which contained malware samples. As soon as the sufferer opened the ZIP file, their system was contaminated with DinodasRAT malware.

DinodasRAT is a distant entry trojan developed in C++ programming language. It may possibly exfiltrate information, manipulate Home windows registry keys, and execute instructions, the researchers mentioned.

ESET did not disclose how profitable the marketing campaign was or what, if any, info the hackers have been capable of steal.