Systems at China's National Games were backdoored before the games

Short News:- 

Attackers gained access to a web server on September 3, 12 days before the games opened. The breach is said to have been remediated before the games themselves started. Media reports say the attackers are either native Chinese speakers or fluent in Chinese. The National Games of China were held from September 15 to 27, 2021.





Detailed News:- 

An unidentified Chinese-speaking hacking group breached systems that hosted content for China's National Games in 2021, according to media reports.

The attackers gained access to a web server on September 3, 12 days before the games opened, and used it to drop multiple reverse shells for remote access and establish a persistent foothold in the network ahead of the event.

Taking place every four years, the National Games of China were held in Shaanxi Province from September 15 to 27, 2021, and featured a diverse range of sports.

Avast, whose researchers investigated the incident, said it had "reason to believe [the attackers] are either native Chinese language speakers or demonstrate high fluency in the Chinese language." The breach is said to have been remediated before the games themselves started.

Initial access came through exploitation of a vulnerability in the web server. The adversary then tested which file types the server would accept for upload and, based on those experiments, uploaded executable code disguised as image files.
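The "executable code disguised as image files" step above is a classic upload-filter bypass: a check that only looks at the file extension accepts anything named `.png`. The validator below is an added example (not code from Avast's report or from the systems described in the article) that shows the weak, extension-only check beside a stricter one that also verifies magic bytes, refuses double extensions, and scans the body for server-side script markers. The script-marker list and all sample payloads are constructed for the illustration and are not signatures of any particular web shell.

```python
"""
Added example: why extension-only upload checks let script files through
disguised as images, and what a stricter server-side validator looks like.
All sample payloads below are constructed for this illustration.
"""
import re

# Magic-byte prefixes for the image types the application accepts.
IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Server-side script markers that never belong in an image. This list is an
# assumption for the example, not a signature for any specific web shell.
SCRIPT_MARKERS = [
    rb"<%@",               # JSP directive
    rb"<%",                # JSP scriptlet
    rb"<\?php",            # PHP open tag
    rb"<script\s+runat=",  # ASP.NET server-side script block
]
SCRIPT_RE = re.compile(b"|".join(SCRIPT_MARKERS), re.IGNORECASE)


def weak_check(filename: str, data: bytes) -> bool:
    """Extension-only filter: the kind of check that lets disguised code through."""
    return filename.lower().rsplit(".", 1)[-1] in IMAGE_MAGIC


def strict_check(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only if extension, magic bytes and body content all agree."""
    parts = filename.lower().split(".")
    # 1. Names like shell.jsp.png are refused outright.
    if len(parts) != 2:
        return False, "filename must have exactly one extension"
    ext = parts[1]
    if ext not in IMAGE_MAGIC:
        return False, "extension not allowed"
    # 2. The body must begin with the magic bytes of the claimed image type.
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "magic bytes do not match extension"
    # 3. A valid header is not enough: a polyglot keeps the header and
    #    appends script code after it, so scan the whole body as well.
    if SCRIPT_RE.search(data):
        return False, "server-side script marker found in body"
    return True, "ok"


# Constructed samples (not real files from any incident).
REAL_PNG = IMAGE_MAGIC["png"] + b"\x00" * 32
JSP_AS_PNG = b'<%@ page import="java.io.*" %><% out.println("x"); %>'
POLYGLOT = IMAGE_MAGIC["png"] + b"\x00" * 16 + b'<% out.println("x"); %>'


def run_samples() -> dict[str, tuple[bool, bool]]:
    """Return {filename: (weak_check verdict, strict_check verdict)}."""
    samples = {
        "photo.png": REAL_PNG,        # genuine image
        "shell.png": JSP_AS_PNG,      # JSP renamed to .png
        "poly.png": POLYGLOT,         # valid PNG header with JSP appended
        "shell.jsp.png": REAL_PNG,    # double extension
    }
    return {name: (weak_check(name, d), strict_check(name, d)[0])
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (weak, strict) in run_samples().items():
        print(f"{name:15} weak={weak!s:5} strict={strict}")
```

Content scanning is a defence in depth, not the fix: uploads should be written outside any directory the servlet container or PHP handler will execute from, and images are best re-encoded on the server so that appended code does not survive. Note that a file like `poly.png` is harmless on a default Tomcat until something maps it to the JSP servlet, which is why the attackers in this case ended up bringing their own server configuration.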




Further attempts to reconfigure the server to run the Behinder web shell failed, after which the operators "uploaded and ran an entire Tomcat server properly configured and weaponized" with the post-exploitation tool, the investigators write.

Avast researchers David Álvarez Pérez and Jan Neduchal wrote in a blog post published on Tuesday that, after gaining access, the attackers used automated exploits and brute-forcing of services to move through the network.

They uploaded additional tools to the compromised host, including network scanners and programs written in Go, and used them to move laterally and break into other devices on the network automatically.

As the researchers noted, "Go is a programming language that is becoming increasingly popular and that can be compiled for multiple operating systems and architectures, in a single binary self-containing all dependencies," pointing to the growing use of Go-based malware in cyber attacks.

"As a result, we expect to see malware and gray tools written in this language in future attacks, particularly in [Internet of Things] attacks, which involve a wide variety of devices leveraging a variety of processor architectures."
