Hacker group Cicada distributes ‘malware’ via VLC Player


An advanced persistent threat (APT) group known as Cicada is attacking government institutions and non-governmental organizations (NGOs) around the world, using the free VLC media player as a vehicle for its malware.

As explained by the technology company Broadcom Software, in recent months this group, also known as APT10, has targeted organizations in Europe, Asia and North America.

The United States linked Cicada's activity to the Chinese government in 2018. The group has been active since at least 2009 and, in its early stages, focused mainly on companies connected to Japan.

More recently, the group has been connected to attacks on managed service providers (MSPs) around the world.

The attribution of this campaign, which ran from mid-2021 to February 2022, is based on the presence on infected networks of a custom 'malware' used exclusively by this group, known as Sodamaster.

Sodamaster is a fileless 'malware' that runs in memory and can carry out a range of actions, such as downloading and executing additional payloads, or collecting information about the infected system (the username, the hostname and the operating system) and sending it back to the attackers.

As Symantec's research team (Symantec is a division of Broadcom) was able to determine, the earliest activity on victim networks was observed on Microsoft Exchange servers, which suggests the attackers may have used an unpatched Exchange vulnerability as their entry point into victims' systems.

Another technique the attackers used involves the free VLC Media Player: they deploy a legitimate copy of the player together with a malicious loader that is launched through the application's export function, a form of DLL side-loading that lets the custom 'malware' run under the cover of a trusted program.
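As an added illustration of how a defender might hunt for the kind of VLC side-loading described above (this is example code written for this page, not code from Symantec, Broadcom or VideoLAN), the script below runs a simple detection rule over a handful of constructed Sysmon-style image-load records: a DLL loaded by vlc.exe is flagged when it is unsigned, signed by a publisher outside an allowlist, or loaded from a user-writable directory, and a copy of vlc.exe running from such a directory is flagged as well. The flattened record format, the publisher allowlist and the list of user-writable locations are assumptions made for the example, not indicators taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample records, not real telemetry. Each line is a flattened
# Sysmon Event ID 7 (ImageLoad) record in an assumed "key=value|key=value" form.
SAMPLE_EVENTS = [
    # Legitimate install: vlc.exe loads its own signed DLL from Program Files.
    "Image=C:\\Program Files\\VideoLAN\\VLC\\vlc.exe|ImageLoaded=C:\\Program Files\\VideoLAN\\VLC\\libvlc.dll|Signed=true|Signature=VideoLAN|SignatureStatus=Valid",
    # Legitimate install: vlc.exe loads a Windows system DLL.
    "Image=C:\\Program Files\\VideoLAN\\VLC\\vlc.exe|ImageLoaded=C:\\Windows\\System32\\kernel32.dll|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    # Attacker-dropped copy of VLC in Temp loading an unsigned DLL placed beside it.
    "Image=C:\\Users\\alice\\AppData\\Local\\Temp\\vlc\\vlc.exe|ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\vlc\\libvlc.dll|Signed=false|Signature=|SignatureStatus=Unavailable",
    # Same dropped copy loading a genuine system DLL: only the process location is odd.
    "Image=C:\\Users\\alice\\AppData\\Local\\Temp\\vlc\\vlc.exe|ImageLoaded=C:\\Windows\\System32\\ntdll.dll|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    # Legitimate vlc.exe loading a DLL with a valid but unexpected signer from ProgramData.
    "Image=C:\\Program Files\\VideoLAN\\VLC\\vlc.exe|ImageLoaded=C:\\ProgramData\\libvlccore.dll|Signed=true|Signature=Example Signer|SignatureStatus=Valid",
]

# Assumption: publishers whose DLLs a stock VLC process is expected to load.
EXPECTED_SIGNERS = {"VideoLAN", "Microsoft Windows"}

# Assumption: path components that indicate a user-writable location on Windows.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp|Downloads|Public)\\", re.IGNORECASE)


@dataclass
class Finding:
    process: str
    module: str
    reasons: List[str]


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened record into a key/value dictionary."""
    fields: Dict[str, str] = {}
    for item in line.split("|"):
        key, _, value = item.partition("=")
        fields[key] = value
    return fields


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyse_image_load(event: Dict[str, str], process_name: str = "vlc.exe") -> Optional[Finding]:
    """Apply the side-loading rule to one record; None means nothing suspicious."""
    process = event.get("Image", "")
    if basename(process) != process_name:
        return None  # only loads performed by the player itself are of interest
    module = event.get("ImageLoaded", "")
    reasons: List[str] = []

    signed = event.get("Signed", "").lower() == "true"
    if not signed or event.get("SignatureStatus", "") != "Valid":
        reasons.append("module is unsigned or its signature did not validate")
    elif event.get("Signature", "") not in EXPECTED_SIGNERS:
        reasons.append(f"module signed by unexpected publisher {event['Signature']!r}")

    if USER_WRITABLE.search(module):
        reasons.append("module loaded from a user-writable directory")
    if USER_WRITABLE.search(process):
        reasons.append("host process itself runs from a user-writable directory")

    return Finding(process, module, reasons) if reasons else None


def scan(lines: List[str]) -> List[Finding]:
    """Run the rule over a batch of records and return every finding in order."""
    findings: List[Finding] = []
    for line in lines:
        finding = analyse_image_load(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{basename(f.process)} -> {f.module}: {'; '.join(f.reasons)}")
```

The rule deliberately treats the process location and the module's signature as separate signals: a genuine VLC binary is validly signed wherever it sits, so the fact that it runs from a user's Temp folder is what gives away a dropped copy, while a loader that piggybacks on a legitimately installed player shows up through the unsigned or wrongly signed module instead.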

In addition, members of the Cicada group, also known as Stone Panda, Potassium, Bronze Riverside or menuPass, have used the tool WinVNC to remotely control victims' computers.

The attackers have also relied on other tools, such as the open-source network scanner NBTScan, WMIExec for running commands on remote machines, and RAR archiving to compress files, in attacks aimed mainly at government-related institutions and NGOs.

Some of the sectors in which these malicious actions have been concentrated include telecommunications, legal, education, pharmaceuticals and religion.

In addition, Symantec has confirmed victims in the United States, Hong Kong, Canada, Turkey, Israel, India, Montenegro and Italy.

By Editor
