A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.
The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on Exchange servers unpatched against CVE-2021-26855, known as ProxyLogon.
The threat actors had a considerable number of potential victims to target, seeing that the Dutch Institute for Vulnerability Disclosure (DIVD) found 46,000 servers unpatched against the ProxyLogon flaws one week after Microsoft patched them.
After breaching engineering computers within their targets’ building automation systems, the Chinese attackers could compromise other parts of the victims’ infrastructure, including but not limited to their information security systems.
While analyzing the attacks, the researchers also found links to another Chinese-speaking APT group, tracked by Microsoft as Hafnium, which is known to have also used Exchange ProxyLogon exploits.