Chinese Hackers TAG-74 Target South Korean Organizations in a Multi-Year Campaign


A “multi-year” Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.

Recorded Future’s Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to “Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, military, and political entities in South Korea, Japan, and Russia.”

The cybersecurity firm characterized the targeting of South Korean academic institutions as aligned with China’s broader efforts to conduct intellectual property theft and expand its influence, and as motivated by the country’s strategic relations with the U.S.

Social engineering attacks mounted by the adversary make use of Microsoft Compiled HTML Help (CHM) file lures to drop a custom variant of an open-source Visual Basic Script backdoor called ReVBShell, which subsequently serves to deploy the Bisonal remote access trojan.
