Malware linked to a Chinese hacking group has managed to spread to Europe thanks to its ability to “self-propagate” over USB thumb drives, a cybersecurity vendor says.
The findings come from Check Point, which investigated a malware attack at a health institution in Europe earlier this year. The technical evidence shows the malware bears similarities to attacks from a Chinese espionage group dubbed Mustang Panda.
The cybersecurity vendor then traced the infection back to a USB drive belonging to an employee at the European hospital. The same USB drive had been previously taken to a conference in Asia.
“He (the employee) shared his presentation with fellow attendees using his USB drive. Unfortunately, one of his colleagues had an infected computer, so his own USB drive unknowingly became infected as a result,” Check Point said.
After returning to Europe, the employee then slotted the USB drive into a hospital computer, thereby spreading the infection to another continent.
Check Point suspects the European health institution was merely “collateral damage,” and not the intended target. That’s because the Chinese hacking group behind the malware, Mustang Panda, has historically targeted countries based in Southeast Asia.
Check Point points out the incident provides an “in-the-wild sighting” of hacking tools the antivirus provider Avast described last December in a report about Mustang Panda. At the time, Avast had uncovered an FTP server the Chinese hacking group was using to host its hacking tools, which included a launcher, written in Delphi, to install malware over a USB drive.
The malware works by hiding all the files in the USB drive. When a user accesses the