These activities have been linked to a hacker group called Cicada, also known by a long list of other names, including menuPass, Stone Panda, APT10, Potassium and Red Apollo. Cicada has been active for a long time, since at least 2006.
Malware like this is deployed to open a door on a victim's computer that lets the attackers pull out all kinds of information. It can collect system details, enumerate running programs and download files on command, which only widens the scope for abuse. Stealthy intrusions of this kind are not uncommon, but the way Cicada has conducted this one shows that it took place on a very large scale.
The hacker group's campaign abuses the hugely popular open source media player VLC, first released in 2001. As reported by Bleeping Computer, the targets are a wide range of entities involved in legal, governmental or religious activities, and NGOs have also been hit. The activity spans at least three continents; the countries targeted include the US, India, Turkey, Israel, Italy and Canada.
Although VLC has been used to deploy the malware, Bleeping Computer says the software itself is "clean". A legitimate copy of VLC is shipped together with a malicious DLL placed in the same path as the media player's export functions, so that when VLC starts it loads the rogue library instead of the one it expects. This is DLL sideloading, an attack technique in which a trusted application is tricked into loading an attacker-supplied DLL (typically because Windows resolves the library name to the attacker's file first in its search order), so the attacker's code runs inside the application's process, with its privileges and behind the cover of a signed, well-known binary.
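One practical way to hunt for this pattern is to look at image-load telemetry for a trusted executable loading a DLL from its own directory when that directory is user-writable, or loading a DLL whose name matches a Windows system library from somewhere outside C:\Windows. The script below is an added example, not code from the original article or from the researchers who reported the campaign. It uses the field names of Sysmon Event ID 7 (Image, ImageLoaded, Signed, Signature) but flattens each event to a constructed one-line "key: value|key: value" form for readability; the sample events, the list of user-writable path prefixes and the short list of system DLL names are all assumptions chosen for illustration.

```python
import ntpath  # Windows path semantics regardless of the host OS

# Constructed sample of Sysmon Event ID 7 (Image loaded) records, flattened to
# one line each. These are not real telemetry; paths are illustrative.
SAMPLE_EVENTS = [
    # Normal: an installed VLC loading a system library from System32.
    "Image: C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"
    "|ImageLoaded: C:\\Windows\\System32\\kernel32.dll"
    "|Signed: true|Signature: Microsoft Windows",
    # Normal: VLC loading its own bundled library from its install directory.
    "Image: C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"
    "|ImageLoaded: C:\\Program Files\\VideoLAN\\VLC\\libvlc.dll"
    "|Signed: true|Signature: VideoLAN",
    # Sideloading pattern: a copy of vlc.exe dropped into a user-writable
    # directory loads an unsigned DLL that sits next to it.
    "Image: C:\\Users\\alice\\AppData\\Local\\Temp\\vlc.exe"
    "|ImageLoaded: C:\\Users\\alice\\AppData\\Local\\Temp\\libvlc.dll"
    "|Signed: false|Signature: ",
    # Sideloading pattern: a DLL named like a Windows system library resolved
    # from the application directory instead of C:\Windows.
    "Image: C:\\ProgramData\\update\\vlc.exe"
    "|ImageLoaded: C:\\ProgramData\\update\\version.dll"
    "|Signed: false|Signature: ",
]

# Assumed list of directory prefixes a standard user can write to.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

# Short illustrative set of system DLL names; a real deployment would use the
# full inventory of DLLs under C:\Windows\System32 on the monitored build.
SYSTEM_DLL_NAMES = {
    "kernel32.dll", "version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptsp.dll",
}


def parse_event(line):
    """Turn one flattened 'key: value|key: value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def is_user_writable(path):
    return ntpath.normcase(path).startswith(USER_WRITABLE_PREFIXES)


def in_windows_dir(path):
    return ntpath.normcase(path).startswith("c:\\windows\\")


def sideload_indicators(event):
    """Return (strong, weak) indicator lists for one image-load event.

    Strong indicators are enough on their own to raise a hit; an unsigned DLL
    by itself is common for third-party software and is only corroborating.
    """
    proc = event["Image"]
    dll = event["ImageLoaded"]
    strong, weak = [], []

    same_dir = (ntpath.normcase(ntpath.dirname(proc))
                == ntpath.normcase(ntpath.dirname(dll)))
    if same_dir and is_user_writable(dll):
        strong.append("DLL loaded from the process's own user-writable directory")
    if ntpath.basename(dll).lower() in SYSTEM_DLL_NAMES and not in_windows_dir(dll):
        strong.append("system DLL name resolved outside C:\\Windows")
    if event.get("Signed", "").lower() != "true":
        weak.append("unsigned DLL")
    return strong, weak


def detect(lines):
    """Return [(loaded_dll_path, reasons)] for events with a strong indicator."""
    hits = []
    for line in lines:
        event = parse_event(line)
        strong, weak = sideload_indicators(event)
        if strong:
            hits.append((event["ImageLoaded"], strong + weak))
    return hits


if __name__ == "__main__":
    for dll, reasons in detect(SAMPLE_EVENTS):
        print(f"{dll}\n    " + "\n    ".join(reasons))
```

The two "normal" events produce no hit, because a signed library loaded from C:\Windows or from a protected install directory matches none of the strong rules. Matching on the loading process's directory rather than on a fixed list of abused executables is deliberate: the technique works with any signed binary the attacker chooses to drop, so the check keys on where the DLL came from, not on which player loaded it.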
Initial access to the compromised networks was gained by exploiting a Microsoft Exchange server. In addition, a WinVNC server was deployed to give the attackers remote control of the infected systems.
The attackers also installed the Sodamaster backdoor on the compromised networks. This is a stealthy, fileless tool that runs entirely in system memory; it is built to evade detection and can delay its execution at startup.
Symantec researchers found that these attacks began as early as mid-2021 and continued into February 2022. It is entirely possible that the campaign continues to this day.
While these attacks are certainly dangerous, not every VLC user needs to worry. Bleeping Computer stated that the VLC file in question is clean and that the hackers appear to take a very targeted approach, focusing on specific entities. Even so, users should always stay attentive to the security of their computers.
VLC's developers have yet to officially acknowledge the situation.
Source: Digital Trends