Chinese cybersecurity experts claim Korean hackers have launched a wide-ranging hacking campaign against China’s government and its overseas diplomatic missions, amid heightened coronavirus fears around the world.

Why it matters: Qihoo 360 speculated that the hackers, dubbed DarkHotel, may have been attempting to access information relating to the Covid-19 outbreak in China, including infection data and information relating to China’s recovery.

  • While DarkHotel is believed to operate out of the Korean Peninsula, it is unclear whether they are from North or South Korea.
  • The Covid-19 pandemic has forced millions around the world to work from home, typically making it easier for hackers to gain access to sensitive data.

Details: DarkHotel used a vulnerability in Chinese virtual private network (VPN) service Sangfor to attack China’s government agencies in around 20 countries, including the UK, Italy, and the United Arab Emirates, according to Chinese cybersecurity company Qihoo 360.

  • Employees typically use VPNs to access corporate networks while working remotely. These services are used by both companies and governments.
  • The hackers began targeting overseas Chinese agencies in March. The campaign has spread to include the governments of Shanghai and Beijing, according to Qihoo.
  • The attackers used a previously unknown vulnerability in the VPN service to take control of diplomatic servers in 19 countries.
  • The cybersecurity company said that “many” devices that connect to these networks “have been under the control of the attackers.”
  • Sangfor said it has been releasing patches for the vulnerability, and that they would all be available by Tuesday.

Once VPNs are controlled by threat actors, the internal assets of many enterprises and institutions will be exposed to the public network, and the loss will be immeasurable.

—Qihoo 360 researchers

Context: Hackers around the world have used the Covid-19 pandemic as a means to gain access to sensitive corporate and personal data.

  • Qihoo said in February that South Asian attackers used coronavirus-themed emails as bait to launch attacks on organizations “on the frontline” of fighting the outbreak in China.
  • Meanwhile, these sorts of Covid-19 attacks have increased 667% worldwide, according to US-based security firm Barracuda.

Chris Udemans
