IPv6 abused by Chinese hackers since 2022
Briefly

TheWizards, a Chinese hacker group, has been exploiting the Stateless Address Autoconfiguration (SLAAC) feature in IPv6 networks, as uncovered by ESET. Their tool, Spellbinder, enters organizations' IT systems disguised as legitimate software updates and allows attackers to redirect traffic to a malicious gateway. Once in the system, it facilitates data theft by installing a backdoor called WizardNet. ESET urges those who do not require IPv6 to use IPv4 instead. It also calls for heightened awareness of this previously overlooked attack method and emphasizes the need for organizations to enhance their cybersecurity defenses.
The latest findings by ESET reveal that a Chinese hacker group known as TheWizards exploits the Stateless Address Autoconfiguration feature in IPv6 to conduct cyberattacks.
Spellbinder, a tool used by TheWizards, enters IT environments disguised as a legitimate archive, which ultimately lets the attackers look for opportunities to steal data.
Read at Techzine Global