Avast Discovers Chinese-Linked 'Kimsuky' Group's Sophisticated Attack on Central Asian Infrastructure
Cybersecurity firm Avast has uncovered a sophisticated attack by a suspected Chinese-linked group, dubbed 'Kimsuky', targeting critical infrastructure in Central Asia. The group compromised a telecommunications company, a gas company, and a governmental institution, planting backdoors for long-term access.
Avast, in collaboration with ESET, discovered the Advanced Persistent Threat (APT) attack. The group, suspected to be based in China, employed tools such as Gh0st RAT and Mimikatz to move laterally within networks. They also frequently recompiled custom tools to evade antivirus detection.
The backdoors the group installed allowed it to create, modify and delete files, take screenshots, and execute arbitrary commands. Infected devices could also be turned into proxies, or made to bind a listening socket on a chosen port across every network interface. Avast reported its findings to the local Computer Emergency Response Team (CERT) and reached out to the affected telecommunications company.
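The report's description of backdoors that bind a port on every network interface points to a simple host-level check a defender can run: enumerate listening sockets and flag any bound to the wildcard address that are not an expected service. The following is an added example, not code from Avast, ESET or the report; it parses constructed lines in the format of `ss -ltnp` output, and the allowlist of expected wildcard listeners (`EXPECTED_WILDCARD_PORTS`), the sample process names and the sample PIDs are all assumptions for illustration.

```python
"""Flag listening sockets bound to every interface that are not expected services.

Added example, not from the Avast/ESET report. The sample `ss -ltnp` lines,
the allowlist and the process names are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample resembling `ss -ltnp` output on a Linux host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=990,fd=7))
LISTEN 0      50     0.0.0.0:8443        0.0.0.0:*         users:(("svchost_",pid=4412,fd=5))
LISTEN 0      128    [::]:443            [::]:*            users:(("nginx",pid=1302,fd=6))
LISTEN 0      10     [::]:1080           [::]:*            users:(("update",pid=5120,fd=4))
"""

# Assumed allowlist: port -> process expected to listen on all interfaces.
EXPECTED_WILDCARD_PORTS: Dict[int, str] = {22: "sshd", 443: "nginx"}

# Addresses that mean "every interface" in ss output.
WILDCARD_ADDRESSES = {"0.0.0.0", "::", "*"}

# One LISTEN row: local addr:port, peer addr:port, optional process info.
LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+?):(?P<port>\d+)\s+"   # local address:port
    r"\S+\s*"                            # peer address:port
    r'(?:users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


@dataclass
class Listener:
    addr: str
    port: int
    process: str
    pid: Optional[int]


def parse_listeners(text: str) -> List[Listener]:
    """Parse LISTEN rows from ss-style output; header and non-matching rows are skipped."""
    listeners: List[Listener] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr = m.group("addr").strip("[]")  # IPv6 addresses are bracketed
        pid = int(m.group("pid")) if m.group("pid") else None
        listeners.append(Listener(addr, int(m.group("port")), m.group("proc") or "?", pid))
    return listeners


def find_suspicious_listeners(
    text: str, expected: Dict[int, str] = EXPECTED_WILDCARD_PORTS
) -> List[Tuple[Listener, str]]:
    """Return (listener, reason) for wildcard-bound sockets outside the allowlist."""
    findings: List[Tuple[Listener, str]] = []
    for lst in parse_listeners(text):
        if lst.addr not in WILDCARD_ADDRESSES:
            continue  # loopback or single-interface binds are out of scope here
        expected_proc = expected.get(lst.port)
        if expected_proc is None:
            findings.append((lst, "unexpected listener on all interfaces"))
        elif expected_proc != lst.process:
            findings.append((lst, f"port {lst.port} expected {expected_proc}, got {lst.process}"))
    return findings


if __name__ == "__main__":
    for listener, reason in find_suspicious_listeners(SAMPLE_SS_OUTPUT):
        print(f"{listener.addr}:{listener.port} {listener.process} (pid {listener.pid}): {reason}")
```

On the constructed sample this flags the `svchost_` process on port 8443 and the `update` process on port 1080, while the loopback-only `cupsd` socket and the allowlisted `sshd` and `nginx` listeners pass. On a real host the allowlist should be built from the machine's known role, and a process whose name imitates a system service but runs from an unusual path is worth inspecting even when its port looks ordinary.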
Avast believes the 'Kimsuky' group is also responsible for attacks in Mongolia, Russia, and Belarus. The group's use of Gh0st RAT and similarities in code suggest a Chinese origin. The attack highlights the growing threat to critical infrastructure from state-sponsored cyber actors.