The Hacker News reported on December 1 that Chinese hackers have conducted attacks on governmental servers in Uzbekistan and against individual users in South Korea.

The Uzbek Foreign Ministry’s servers reportedly came under an attack utilizing a “remote access Trojan” program called “SugarGh0st RAT,” which enables hackers to transfer data, initiate commands remotely and carry out other malicious activities.

The Hacker News report goes on to claim that the program originated in China, adding that the hackers appeared to be native Chinese speakers. The report, however, does not provide any proof of Chinese government involvement, though it doesn’t rule it out, given that China has a record of carrying out such intelligence-gathering activity. For example, earlier this autumn, Chinese state-connected hackers reportedly broke into US State Department servers, gaining access to over 60,000 emails.

"The Gh0st RAT malware is a mainstay in the Chinese threat actors' arsenal and has been active since at least 2008. … The targeting of the Uzbekistan Ministry of Foreign Affairs also aligns with the scope of Chinese intelligence activity abroad," Hacker News quotes researchers as saying.  

The researchers said they discovered four samples deployed as part of the campaign, including one sent to users in Uzbekistan’s Ministry of Foreign Affairs. Once opened, the sample reportedly drops a decoy document purporting to concern an investment project, with content about a presidential decree on technical regulation.