Beware! HUI Loader Linked with Chinese Threat Actors

The HUI Loader malware has been around for several years. However, security researchers have only recently linked the malicious tool to a couple of Chinese threat actors who are believed to be backed by the state.

The threat actors in question use ransomware attacks but, according to threat intelligence researchers, are primarily interested in cyber espionage and the theft of sensitive intellectual property from their targets.

HUI Loader itself is distributed using common malware delivery methods: malicious emails, usually phishing aimed at specific victims, or the abuse of a flaw in vulnerable, unpatched software.

It is believed that the state-linked Chinese threat actors combine the use of HUI Loader with attacks made to look like the work of ransomware gangs hitting targets for money. In reality, this is a front used to steal sensitive and valuable information while making the victims think they were hit by regular cybercriminals who are out for profit.

Most of the attacks using HUI Loader targeted entities based in Japan. However, security experts warn that companies located in the West should also update all their software and systems, and keep a watchful eye out for phishing attempts targeting their employees.

By Zaib
June 27, 2022
