Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group.
Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server on September 3, 12 days prior to the start of the event, to drop multiple reverse web shells for remote access and achieve a permanent foothold in the network.
The National Games of China, a multi-sport event held every four years, took place in the Shaanxi Province between September 15 and 27, 2021.
The Czech company said it was unable to determine the nature of the information stolen by the hackers, adding it has “reason to believe [the attackers] are either native Chinese-language speakers or show high fluency in Chinese.” The breach is said to have been resolved ahead of the start of the games.
The initial access was facilitated by exploiting a vulnerability in the web server. But before dropping the web shells, the adversary also experimented with the types of files they were able to upload to the server, then followed up by submitting executable code that masqueraded as seemingly harmless image files.
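A defender-side check for the upload technique described above, as an added example that is not from Avast's analysis or the original article: it flags files named like images whose bytes are not an image, or which carry script or executable content. The function name, indicator lists and sample inputs are assumptions constructed for illustration; the article does not say what language the web shells were written in.

```python
import re

# Leading "magic" bytes of the image types an upload form might accept.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Assumed indicator lists; the article does not name the shells' language.
EXEC_HEADERS = (b"MZ", b"\x7fELF")
SCRIPT_EXTS = {"php", "jsp", "jspx", "asp", "aspx"}
SCRIPT_MARKERS = re.compile(rb"<\?php|<%@\s*page|<jsp:", re.IGNORECASE)


def inspect_upload(name: str, data: bytes) -> list[str]:
    """Return reasons a file named like an image is suspicious ([] = none)."""
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return []  # not presented as an image; outside this check
    findings = []
    if any(p in SCRIPT_EXTS for p in parts[1:-1]):
        findings.append("script extension hidden before image extension")
    if not data.startswith(magics):
        findings.append("header does not match extension")
    if data.startswith(EXEC_HEADERS):
        findings.append("native executable header")
    if SCRIPT_MARKERS.search(data):
        findings.append("embedded server-side script marker")
    return findings


# Constructed sample uploads (inert placeholders, not real files).
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "banner.gif": b"GIF89a" + b"<?php /* placeholder */ ?>",
    "photo.jpg": b"<%@ page import=\"java.io.*\" %>",
    "tool.png": b"MZ\x90\x00" + b"\x00" * 16,
    "avatar.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, inspect_upload(fname, blob) or "ok")
```

These are heuristics over file content and names; they complement, rather than replace, storing uploads where the web server will never execute them.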