{
	"id": "0074af17-8a80-441c-a21d-1ca0a1a0aa66",
	"created_at": "2026-04-06T00:16:00.606211Z",
	"updated_at": "2026-04-10T13:12:52.692146Z",
	"deleted_at": null,
	"sha1_hash": "6b8c34552b7d555bbab4362b3356cef3cfee8fca",
	"title": "Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 284417,
	"plain_text": "Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor\r\nBy The Hacker News\r\nPublished: 2022-02-07 · Archived: 2026-04-05 19:43:26 UTC\r\nA Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a \"persistent campaign\" that lasted for at least 18 months.\r\nThe intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published last week.\r\nWhat's notable about this campaign is the amount of time the threat actor lurked on victim networks, affording the operators ample opportunity for detailed reconnaissance and for exfiltrating potentially sensitive information pertaining to business contacts and investments without raising any red flags.\r\nIn one of the unnamed financial organizations, the attackers spent close to 250 days between December 2020 and August 2021, while a manufacturing entity had its network under their watch for roughly 175 days.\r\nAlthough the initial access vector used to breach the targets remains unclear, it's suspected that Antlion leveraged a web application flaw to gain a foothold and drop the xPack custom backdoor, which is employed to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.\r\nAdditionally, the threat actor used C++-based custom loaders as well as a combination of legitimate off-the-shelf tools such as AnyDesk and living-off-the-land (LotL) techniques to gain remote access, dump credentials, and execute arbitrary commands.\r\n\"Antlion is believed to have been involved in espionage activities since at least 2011, and this recent activity shows that it is still an actor to be aware of more than 10 years after it first appeared,\" the researchers said.\r\nThe findings add to a growing list of China-linked nation-state groups that have targeted Taiwan in recent months, with malicious cyber activities mounted by threat actors tracked as Tropic Trooper and Earth Lusca striking government, healthcare, transportation, and educational institutions in the country.\r\nSource: https://thehackernews.com/2022/02/chinese-hackers-target-taiwanese.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://thehackernews.com/2022/02/chinese-hackers-target-taiwanese.html"
	],
	"report_names": [
		"chinese-hackers-target-taiwanese.html"
	],
	"threat_actors": [
		{
			"id": "6360ea44-b90d-435c-b3cd-9724751b8294",
			"created_at": "2023-01-06T13:46:39.304451Z",
			"updated_at": "2026-04-10T02:00:03.281303Z",
			"deleted_at": null,
			"main_name": "Antlion",
			"aliases": [],
			"source_name": "MISPGALAXY:Antlion",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6ad5ab33-9a45-43d3-b0e4-70b7f9d836f8",
			"created_at": "2022-10-25T16:07:23.309518Z",
			"updated_at": "2026-04-10T02:00:04.535597Z",
			"deleted_at": null,
			"main_name": "Antlion",
			"aliases": [],
			"source_name": "ETDA:Antlion",
			"tools": [
				"CheckID",
				"EHAGBPSL",
				"EHAGBPSL Loader",
				"ENCODE MMC",
				"JpgRun",
				"JpgRun Loader",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NERAPACK",
				"NetSessionEnum",
				"ProcDump",
				"PsExec",
				"WinRAR",
				"xPack"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434560,
	"ts_updated_at": 1775826772,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6b8c34552b7d555bbab4362b3356cef3cfee8fca.pdf",
		"text": "https://archive.orkl.eu/6b8c34552b7d555bbab4362b3356cef3cfee8fca.txt",
		"img": "https://archive.orkl.eu/6b8c34552b7d555bbab4362b3356cef3cfee8fca.jpg"
	}
}