SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor
The SideWalk backdoor has been leveraged by a threat actor group seeking to target a Hong Kong university. The attack reportedly occurred in February 2021 and was perpetrated by the SparklingGoblin advanced persistent threat group. The attackers sough out the Linux variant of the backdoor to hack into the university’s systems during student protests that occurred around that time. Security researchers at Eset published a cybersecurity advisory confirming that the same university was targeted by the same threat group again in May 2020 amid protests.
Eset intelligence published in a blog post earlier this week identifies SparklingGoblin as an APT group that mostly targets East and Southeast Asia. The group tends to focus on research and academic institutions and appears to be motivated by obtaining access to information. The group targeted the university over a long period of time, enabling it to compromise multiple servers, an email server, print server, and one that manages student schedules and course registration. The latest attack last year leveraged the Linux variant of the SideWalk backdoor.