Novel Chinese hacking operation Unfading Sea Haze has compromised at least eight government and military organizations across the South China Sea — where China has territorial claims against Indonesia, Malaysia, Taiwan, Vietnam, and the Philippines — as part of a cyberespionage campaign that began nearly five years ago, according to The Record, a news site by cybersecurity firm Recorded Future.
Attackers gained initial network access through spearphishing emails with malicious attachments that facilitated backdoor deployment on targeted systems, a report from Bitdefender showed. Unfading Sea Haze then used other tools to hijack admin accounts and further expand network access before distributing stealthy information-stealing malware, researchers said.
The development comes amid a Mandiant report detailing Chinese hackers' use of a proxy army dubbed "ORB networks," which Mandiant Principal Analyst Michael Riggi regarded as a major Chinese cyberespionage innovation.
"[ORBs are] like a maze that is continually reconfiguring with the entrance and the exit disappearing from the maze every 60-90 days," said Riggi.