Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Chinese hackers abuse IPv6 SLAAC for AitM attacks via Spellbinder lateral movement tool

(State Department photo)

By Ravie Lakshmanan

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks.

“Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAACspoofing, to move laterally in the compromised network, intercepting packets and redirecting the traffic of legitimate Chinese software so that it downloads malicious updates from a server controlled by the attackers,” ESET researcher Facundo Muñoz said in a report shared with The Hacker News.

The attack paves the way for a malicious downloader that’s delivered by hijacking the software update mechanism associated with Sogou Pinyin. The downloader then acts as a conduit to drop a modular backdoor codenamed WizardNet.

Read more at The Hacker News

Click to listen highlighted text!