
VLC is a popular choice for playing almost any type of music or video across a wide range of systems. The player itself, however, has reportedly been abused by a Chinese hacking group to deliver malware to victims' machines.
Cicada, also known as Stone Panda or APT10, a Chinese hacking group, has reportedly been abusing VLC on Windows systems to spy on governments and other high-profile institutions. NGOs, legal agencies, and religious organizations in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Japan, and Italy have also been targeted.
According to Symantec, an industry leader in cybersecurity, the hackers used a clean version of VLC, dropped a malicious file in with the player's export functions so that the legitimate player loads it, and used a VNC remote-access server to take full control of a compromised PC. On a hacked computer, tools such as the group's own fileless Sodamaster backdoor or other custom loaders are installed; these scan the system, download further malicious applications, and obstruct communication networks.
The attacks started last year after unpatched vulnerabilities in Microsoft Exchange Server were exploited, according to Symantec, and may still be ongoing. Symantec states in an official blog post:
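The chain described above (a genuine vlc.exe that loads a malicious library dropped next to it, i.e. DLL side-loading) leaves a recognisable trace in image-load telemetry. The following is an added detection example, not Symantec's or VideoLAN's code: it scores constructed records modelled on Sysmon Event ID 7 fields (Image, ImageLoaded, Signed, Signature, Hashes) against a few defender-side rules. The install and system directories, the `KNOWN_GOOD` baseline hashes and the sample events are all assumptions or placeholders; a real deployment would populate the baseline from a verified VLC install.

```python
"""Flag signs of a clean vlc.exe being used to side-load a malicious library.

Input records mirror Sysmon Event ID 7 (image loaded). Everything below is an
illustrative example with constructed data, not vendor code.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed "known good" locations; adjust to your own software inventory.
VLC_INSTALL_DIRS = (
    r"C:\Program Files\VideoLAN\VLC",
    r"C:\Program Files (x86)\VideoLAN\VLC",
)
WINDOWS_SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# Placeholder baseline (constructed values): file name -> SHA-256 taken from a
# verified VLC installation. A clean vlc.exe beside an unknown libvlc.dll is
# exactly the combination the campaign relies on.
KNOWN_GOOD = {
    "vlc.exe": "baseline-sha256-of-vlc.exe",
    "libvlc.dll": "baseline-sha256-of-libvlc.dll",
    "libvlccore.dll": "baseline-sha256-of-libvlccore.dll",
}


@dataclass(frozen=True)
class ImageLoad:
    """One image-load record: which process mapped which module."""
    process_image: str   # Sysmon 'Image': full path of the loading executable
    loaded_image: str    # Sysmon 'ImageLoaded': full path of the mapped module
    signed: bool         # Sysmon 'Signed': valid Authenticode signature present
    signer: str          # Sysmon 'Signature': signer subject, "" when unsigned
    sha256: str          # from Sysmon 'Hashes'


def _norm(path: str) -> str:
    """Normalise a Windows path for case-insensitive comparison."""
    return str(PureWindowsPath(path)).lower()


def _inside(path: str, roots) -> bool:
    """True when path lies at or below one of the root directories."""
    p = _norm(path)
    return any(p == _norm(r) or p.startswith(_norm(r) + "\\") for r in roots)


def _parent(path: str) -> str:
    return _norm(str(PureWindowsPath(path).parent))


def assess(event: ImageLoad) -> list[str]:
    """Return the reasons a load looks like VLC side-loading (empty = benign)."""
    reasons: list[str] = []
    if PureWindowsPath(event.process_image).name.lower() != "vlc.exe":
        return reasons  # only vlc.exe is in scope for this rule set
    lib = PureWindowsPath(event.loaded_image).name.lower()

    # Rule 1: the player itself runs from somewhere other than its install path
    # (attackers drop a clean copy wherever they can write).
    if not _inside(event.process_image, VLC_INSTALL_DIRS):
        reasons.append("vlc.exe running outside its install directory")

    # OS libraries mapped from the system directories are expected; stop here.
    if _inside(event.loaded_image, WINDOWS_SYSTEM_DIRS):
        return reasons

    # Rule 2: a non-system module comes from outside the install directory.
    if not _inside(event.loaded_image, VLC_INSTALL_DIRS):
        reasons.append(f"{lib} loaded from outside the VLC install directory")

    # Rule 3: a module VLC ships does not match the baseline hash.
    if lib in KNOWN_GOOD and event.sha256 != KNOWN_GOOD[lib]:
        reasons.append(f"{lib} does not match the baseline hash")

    # Rule 4: an unsigned module that is not part of the baseline sits in
    # vlc.exe's own directory, the classic side-loading placement.
    if (lib not in KNOWN_GOOD and not event.signed
            and _parent(event.loaded_image) == _parent(event.process_image)):
        reasons.append(f"unsigned {lib} side-loaded from vlc.exe's own directory")
    return reasons


def hunt(events) -> list[tuple[int, list[str]]]:
    """Return (index, reasons) for every suspicious record."""
    return [(i, r) for i, e in enumerate(events) if (r := assess(e))]


# Constructed sample telemetry: one benign session, one relocated copy of VLC
# with a replaced libvlc.dll, one OS library load and one stray DLL.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\VideoLAN\VLC\vlc.exe",
              r"C:\Program Files\VideoLAN\VLC\libvlc.dll",
              True, "VideoLAN", "baseline-sha256-of-libvlc.dll"),
    ImageLoad(r"C:\ProgramData\Update\vlc.exe",
              r"C:\ProgramData\Update\libvlc.dll",
              False, "", "unknown-sha256"),
    ImageLoad(r"C:\Program Files\VideoLAN\VLC\vlc.exe",
              r"C:\Windows\System32\kernel32.dll",
              True, "Microsoft Windows", "some-os-sha256"),
    ImageLoad(r"C:\Program Files\VideoLAN\VLC\vlc.exe",
              r"C:\Program Files\VideoLAN\VLC\helper.dll",
              False, "", "unknown-sha256"),
    ImageLoad(r"C:\Windows\notepad.exe",
              r"C:\ProgramData\Update\libvlc.dll",
              False, "", "unknown-sha256"),
]

if __name__ == "__main__":
    for idx, why in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: " + "; ".join(why))
```

Rules 1 and 2 catch the relocated-player case on their own; rule 3 is what distinguishes a genuine VLC tree from one where a single library was swapped, which is why a file-hash baseline matters more here than signature checks alone.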
While Cicada has been linked to espionage-style operations since 2009, the first activity in this current campaign was in mid-2021, with the most recent activity in February 2022, indicating that this is a long-running attack campaign.
The attacks are almost certainly espionage-related; Symantec notes that Cicada has previously attempted to infiltrate the defense, aviation, shipping, biotechnology, and energy industries. According to Symantec,
Cicada’s original activity was on Japanese-connected organisations several years ago, but it has since been linked to assaults on managed service providers (MSPs) with a larger worldwide presence. This campaign, on the other hand, appears to imply a broadening of Cicada’s target audience.
According to the cybersecurity firm, tools such as RAR archiving, system/network discovery utilities, WMIExec, and NBTScan may also have been used during the campaign. In some cases the attackers spent up to nine months on their victims' networks. According to Symantec,
This is a long-running effort by a competent and experienced nation-state-backed actor that may still be active, given the most recent activity we witnessed in February 2022. Cicada still has a lot of firepower behind it when it comes to its cyber activities, as attacking many large corporations in different regions at the same time would necessitate a lot of resources and expertise that are typically only seen in nation-state-backed groups.