Security researchers (ethical hackers) have found a Chinese Advanced Persistent Threat (APT) group exploiting Narrator, a built-in “Ease of Access” feature in Windows. The researchers observed the group deploying a backdoor that lets them access a victim’s system without any credentials.
Security researchers say the attack begins with Chinese hackers delivering the PcShare backdoor to potential victims. A backdoor attack is one that bypasses the normal authentication system to gain access to a system.
The researchers say the backdoor has been designed with the needs of this specific campaign in mind, including additional command-and-control encryption and proxy bypass functionality. After gaining access to the machine, the attackers have been observed installing various post-exploitation tools.
One of these tools, called Fake Narrator, was found to be used to gain SYSTEM-level access to the victim’s machine by abusing Microsoft Accessibility Features.
The Chinese hackers try to replace the Windows Narrator.exe with their Fake Narrator to execute the attack. By executing this attack, the hackers can get administrative privileges in the command prompt. The PcShare backdoor attack was previously observed in use by a threat actor called Tropic Trooper.
The security researchers say there is no concrete evidence of who is responsible for these attacks. However, the geographic location of the victims and the use of various Chinese open-source tools in the attack indicate the possibility of Chinese-origin threat actors. Technology companies in South-East Asia were affected by this group.
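Because the attack described above depends on swapping out Narrator.exe, a defender can audit that binary on a host. The following is an added example, not code from the researchers' report; the function name `Test-NarratorBinary` is hypothetical, and it assumes the default System32 location and that a genuine copy carries a valid Microsoft signature.

```powershell
# Added example (defensive audit). Assumes Windows PowerShell 5.1 or later.
function Test-NarratorBinary {
    param(
        # Assumption: default location of the built-in Narrator executable.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\Narrator.exe')
    )

    # A missing binary is itself worth investigating.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path            = $Path
            SignatureStatus = 'FileMissing'
            Signer          = $null
            Sha256          = $null
            LastWriteUtc    = $null
            Suspicious      = $true
        }
    }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $item = Get-Item -LiteralPath $Path

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Assumption: a genuine Narrator.exe has a valid signature whose subject
    # names Microsoft Corporation; anything else deserves a closer look.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = [string]$sig.Status
        Signer          = $signer
        Sha256          = $hash.Hash
        LastWriteUtc    = $item.LastWriteTimeUtc
        Suspicious      = -not $trusted
    }
}

# Report on the local machine's Narrator binary.
Test-NarratorBinary | Format-List
```

The `Sha256` value can be compared against a known-good copy from the same Windows build, and an unexpected `LastWriteUtc` helps place a replacement on a timeline.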