On April 26, 2023, news broke that Chinese hackers were using MgBot malware to target international non-governmental organizations (NGOs) operating within mainland China. The attacks were believed to have started in early 2023 and have continued to the present day.
This blog post, on behalf of CyberiumInfotech, will delve into the details of these attacks, their causes, and what NGOs can do to protect themselves from similar cyberattacks in the future.
MgBot is a type of malware that is designed to infiltrate a system, collect data, and communicate with a command and control (C&C) server. The malware is typically distributed through phishing emails, malicious websites, or other means. Once installed, the malware can steal sensitive information, such as login credentials, financial information, and intellectual property.
MgBot malware has been associated with Chinese state-sponsored hacking groups, and it has been used in various cyber espionage campaigns over the years.
The attacks on international NGOs in mainland China began in early 2023 and have continued to the present day. The attacks were discovered by cybersecurity firm FireEye, which reported that the hackers behind the attacks were using MgBot malware to target NGOs operating within mainland China.
The hackers were reportedly seeking to steal sensitive information, such as donor lists, financial information, and strategic plans. The attacks were highly targeted and sophisticated, with the hackers using social engineering tactics to gain the trust of their targets before delivering the malware.
The motive behind the attacks is not entirely clear, but it is believed to be linked to the Chinese government's crackdown on foreign NGOs operating within the country. In 2016, China passed a law that placed strict regulations on foreign NGOs, requiring them to register with the Chinese government and subjecting them to increased scrutiny.
The attacks on international NGOs may be an attempt by the Chinese government to gain access to sensitive information about these organizations and their activities in mainland China.
NGOs operating in mainland China can take several steps to protect themselves from similar cyberattacks in the future. These include:
Use anti-virus software and firewalls to protect their systems and networks.
Conduct regular security audits and vulnerability assessments of their IT infrastructure.
Implement secure coding practices to minimize the risk of vulnerabilities.
Train employees on cybersecurity best practices and how to identify and report phishing emails.
Limit access to sensitive information to only those employees who need it.
Encrypt sensitive data at rest and in transit.
Use multi-factor authentication wherever possible.
Have a disaster recovery plan in place in case of a data breach.
The attacks on international NGOs in mainland China using MgBot malware highlight the importance of cybersecurity for organizations operating in high-risk environments. NGOs can take several steps to protect themselves from similar cyberattacks, including using anti-virus software and firewalls, conducting regular security audits, and implementing secure coding practices. By taking these steps, NGOs can minimize the risk of cyberattacks and protect their sensitive data.