A Chinese hacker group, known as Dalbit (m00nlight), has been responsible for a series of cyber attacks against Korean companies since 2022. The group has recently made headlines after researchers at AhnLab’s ASEC discovered that it has had more than 50 confirmed attack attempts on Korean companies in the past year.
According to ASEC, the majority of the attacked companies were mid to small-sized, but the group has also targeted some major companies. Logs from the attacks reveal that 30 percent of the affected companies were found to be using a certain Korean groupware product, which has made them particularly vulnerable to Dalbit’s attacks.
The ASEC team decided to name the group Dalbit, which is the Korean word for moonlight, due to the group’s nocturnal attack pattern. The group’s attack campaign was first uncovered in August 2022, and the ASEC team has been monitoring the group’s activities since then.
The group’s tactics have evolved over time, with the most recent attacks utilizing a Fast Reverse Proxy (FRP) to gain access to their targets. FRP is a technique that allows attackers to bypass network firewalls and other security measures by creating a proxy server that can route traffic from the attacker’s machine to the target’s network.
The group’s attacks have been carried out using a variety of techniques, including malware, phishing emails, and SQL injection attacks. Once the group gains access to a company’s network, it will attempt to steal sensitive information or install ransomware to extort money from the victim.
The ASEC team has stated that the group’s attacks are highly sophisticated and are likely being carried out by a team of experienced hackers. The group is believed to be based in China, but it is unclear who is funding the group’s activities.
In response to the attacks, Korean authorities have urged companies to take steps to protect their networks from cyber attacks. This includes regularly updating their security systems and training employees to be vigilant against phishing emails and other social engineering attacks.
Experts have also warned that companies need to be prepared for the possibility of a cyber attack and have a plan in place to respond quickly in the event of an attack. This includes having backups of important data and systems, as well as a plan for how to communicate with employees and customers in the event of a data breach.
The attacks by Dalbit highlight the growing threat of cyber attacks against businesses around the world. With more companies relying on digital technology to conduct their operations, the risk of cyber attacks has increased dramatically in recent years. Businesses must take proactive steps to protect themselves from these threats, including investing in robust cybersecurity systems and training their employees to be vigilant against potential threats.
As the Dalbit hacker group continues its attacks against Korean companies, it is clear that the threat of cyber attacks is not going away anytime soon. Companies must remain vigilant and take proactive steps to protect themselves from these threats, or risk becoming the next victim of a cyber attack.
