Cybersecurity experts have warned about the new threat. This time the criminals attacked the popular VLC media player. According to researchers, the media player is now distributing malware that monitors government agencies and related organizations.
The attacker, nicknamed Cicada (a.k.a. Stone Panda or APT10), targets organizations in the government, legal and non-governmental sectors, and does not disdain attacking religious organizations. The geography of the organizations is large, but they are mainly located in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro and Italy. Given that Japan has traditionally been the main hunting ground for Cicada, researchers have the impression that this attacker is expanding its worldview.
The malware used in this latest round of attacks has no name, but Symantec researchers responsible for the discovery believe it is being used for espionage.
Apparently, the attacker, who is apparently of Chinese descent, used a known vulnerability in the Microsoft Exchange server to gain initial access. The campaign began in mid-2021 and may continue to this day.
The attackers “downloaded” the malware using a clean version of VLC with a malicious DLL file in a way, similar to player’s export function.. In addition to malware, Cicada has also deployed a WinVNC remote control server and a Sodamaster backdoor. Among the data that Cicada collects through its malware is information about the system and active processes. So even if you do not belong to the civil service, we would not recommend using VLC yet.