Cybersecurity News that Matters

Cybersecurity News that Matters

Expert warns of Chinese hackers targeting APAC with zero-day vulnerability

Alex Shim, consulting leader for South Korea and Japan at Mandiant, a Google-owned cybersecurity firm, explains the threat landscape in 2023 during a press briefing held on Tuesday. Source: Mandiant at Google Cloud

by Kuksung Nam

Jun. 25, 2024
7:50 PM GMT+9

Chinese nexus threat groups are showing increased interest in exploiting zero-day vulnerabilities, raising alarm across the Asia-Pacific region, which is a primary target for these malicious attacks, according to a cybersecurity expert on Tuesday.

Alex Shim, the consulting leader for South Korea and Japan at Mandiant, a Google-owned cybersecurity firm, highlighted prominent threats targeting the APAC region during a press briefing at Google’s South Korea branch. His presentation was based on findings from the company’s annual report, “M-Trends,” which analyzed global threats over the past year.

The expert emphasized the increasing focus of Chinese hacking groups on exploiting zero-day vulnerabilities—unknown security flaws that can be abused undetected, leaving developers no time to patch them. In particular, he highlighted the activities of a suspected Chinese cyber espionage cluster, designated by the company as an uncategorized (UNC) threat group 4841. Mandiant classifies threat actors as UNC if they do not fall into either the advanced persistent threat (APT) or financially motivated (FIN) categories.

Alex Shim, consulting leader for South Korea and Japan at Mandiant, a Google-owned cybersecurity firm, discusses the threat landscape in 2023 during a press briefing on Tuesday. Photo by Kuksung Nam, The Readable

According to Shim, UNC4841 focused its activities on Asia-Pacific countries last year. The attackers exploited a zero-day vulnerability in an email security gateway application, a service designed to secure email transmission by filtering fraudulent messages. This allowed them to monitor overall online communications, facilitating their efforts to search for and exfiltrate the information they needed. The company traced these activities back to at least October 2022.

The expert pointed out that UNC4841 selects targets that serve the geopolitical and military interests of the Chinese government. According to the report, the threat actors focused their operations on individuals associated with the Ministry of Foreign Affairs in Southeast Asian countries and research organizations in Taiwan and Hong Kong. Shim did not disclose additional information on other countries targeted by the Chinese threat actors beyond those mentioned in the report.

The consulting leader revealed that the company has detected 17 cases of zero-day exploits linked to alleged Chinese nexus threat actors. Shim further warned of Chinese hackers targeting edge devices, which serve as network endpoints and facilitate data transmission between networks.

“Generally, attackers have used phishing attacks to obtain what they need. Many security measures have been implemented to counter these activities,” Shim explained. “Therefore, they are now turning to exploiting zero-day vulnerabilities in edge devices, which do not have equivalent protections.”

Related article: South Korea ranks as the most targeted country after US and Ukraine, US cyber firm reveals

Luke McNamara, a principal analyst at Mandiant, is presenting the company’s research findings at a press briefing at Google’s South Korean office on August 29, 2023. Photo by Kuksung Nam, The Readable

South Korea stands as one of the countries most frequently targeted by cybercriminals, trailing only behind the United States and Ukraine, an expert at a U.S. cybersecurity company revealed on Tuesday.

Luke McNamara, a principal analyst at Mandiant, a cybersecurity firm owned by Google, revealed during a press briefing at Google’s South Korean office that South Korea ranked third on the company’s “cyber threat risk score.” Drawing from both internal and public data from last year, the U.S.-based firm evaluated the cyber threat levels in twenty-five countries, excluding China and Russia.

According to McNamara, the “cyber threat risk score” considers both the frequency and potential impact of the attacks that a given country experiences. These attacks can vary in nature, encompassing everything from cybercrime and cyberespionage to information operations and hacktivism. For instance, while a country may frequently face distributed denial of service (DDoS) attacks, these may not be as devastating as malware attacks which target the operational technology used in critical infrastructure. READ MORE


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Kuksung Nam
    : Author

    Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights