2022-04-07

A group of researchers has found that the popular VLC Media Player was used by Chinese hackers to launch cyberattacks. The activity has been linked to Cicada, a threat group tracked under several other names, including menuPass, Stone Panda, APT10, Potassium, and Red Apollo. Cicada has been active since 2006.

The malware delivered to the victims gives the attackers access to a wide range of data. It can reach all parts of the system, enumerate running processes, and download files on command, all of which widen the scope for abuse. Such covert operations are not unusual, but this one appears to have been large in scale.

Cicada Hacking Group Uses VLC for Launching Cyberattacks

This espionage campaign, which abuses the popular VLC Media Player, appears to be under way. According to a report by Bleeping Computer, the targets include a wide spectrum of entities involved in legal, governmental, or religious activity. Non-governmental organizations (NGOs) have also been singled out for attack. Perhaps more striking is that the attacks have reached at least three continents.

The United States, Hong Kong, India, Italy, and Canada are among the countries that have been targeted. Only one of the victims was from Japan, which was somewhat surprising. After gaining access to a victim's computer, the attackers were able to maintain that access for up to nine months.

VLC was used to deliver the malware, but the player's own executable was clean. A legitimate, unmodified copy of VLC was bundled with a malicious DLL placed in the same directory, so that the player loaded the planted library when it resolved its exported functions. This technique is known as DLL side-loading, and Cicada is not the only group that uses it to run malware inside otherwise trusted applications.
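The following is an added detection example, not code from the article or from any named vendor: it scans image-load records, shaped like Sysmon Event ID 7 fields, for the side-loading pattern described above (an unsigned DLL loaded from the host executable's own user-writable directory). The records, paths and protected-root list are constructed for illustration; the VLC paths are not claimed to match the campaign.

```python
import ntpath

# Constructed sample records shaped like Sysmon Event ID 7 (Image loaded) fields; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",                       # clean install
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll", "Signed": "true"},
    {"Image": r"C:\Users\Public\Media\vlc.exe",                                # relocated copy
     "ImageLoaded": r"C:\Users\Public\Media\libvlc.dll", "Signed": "false"},
    {"Image": r"C:\Users\Public\Media\vlc.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll", "Signed": "true"},
    {"Image": "C:/users/public/media/VLC.EXE",                                  # odd casing/slashes
     "ImageLoaded": r"c:\Users\PUBLIC\Media\libvlccore.DLL", "Signed": "false"},
]

# Roots a standard user cannot normally write to. A side-loaded DLL usually sits next to
# a copy of the signed player that was dropped somewhere outside these directories.
PROTECTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")

def norm(path):
    """Canonical form for comparing Windows paths, even when run on a non-Windows host."""
    return ntpath.normcase(ntpath.normpath(path))

def is_protected(path):
    p = norm(path)
    return any(p == root or p.startswith(root + "\\") for root in PROTECTED_ROOTS)

def sideload_alerts(events):
    """Flag loads where an unsigned DLL comes from the host executable's own directory
    and that directory is user-writable: the pattern of a clean binary paired with a
    planted DLL. Returns one alert dict per suspicious load."""
    alerts = []
    for ev in events:
        host, dll = ev["Image"], ev["ImageLoaded"]
        if not norm(dll).endswith(".dll"):
            continue
        same_dir = norm(ntpath.dirname(host)) == norm(ntpath.dirname(dll))
        unsigned = ev.get("Signed", "false").lower() != "true"
        if same_dir and unsigned and not is_protected(dll):
            alerts.append({"host": host, "dll": dll,
                           "reason": "unsigned DLL loaded from the host binary's user-writable directory"})
    return alerts

if __name__ == "__main__":
    for a in sideload_alerts(SAMPLE_EVENTS):
        print(f"ALERT {a['host']} loaded {a['dll']}: {a['reason']}")
```

Legitimate unsigned plugins installed under user directories will also match, so in practice the rule is paired with a baseline of known-good DLL hashes per application rather than used on its own.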

Cicada's custom loader was reportedly used in earlier attacks attributed to the group. Initial access to the compromised networks was gained through a Microsoft Exchange server. A WinVNC server was then installed to give the attackers remote control of the infected systems.

Furthermore, a tool known as Sodamaster was employed, which runs entirely in system memory without writing files to disk. It is built to evade detection and can delay its execution after startup.

Although these attacks are unquestionably dangerous, not every VLC user needs to be concerned. The media player itself was found to be clean, and the attackers appear to have taken a highly targeted approach, focusing on specific organizations. When it comes to PCs, however, it is always crucial to stay on top of security.
