If you belong to today's streaming generation, you are almost certainly familiar with VLC, the open-source media player. For many users it is the player that did away with "codec packs" and the patchy video playback support of older versions of Windows. For some less scrupulous groups, though, a trusted, widely installed executable is also a convenient gateway for cyberattacks, a point that one hacker group took full advantage of.
The group in question goes by the name Cicada, a collective that has been active since at least 2006 and is believed to be state-sponsored, specifically by China. According to BleepingComputer, at least two of the group's members have been charged in the US with hacking into the servers of more than 45 US technology companies, as well as government agencies. What makes the group especially notorious is its track record: since its inception it has reportedly succeeded in stealing foreign trade secrets, usually in technology-related fields.
Getting back on point, Cicada apparently began abusing VLC Media Player to launch its own custom malware loader on compromised systems. The player itself is not modified: the attackers pair a "clean", legitimately signed copy of VLC with a malicious ".dll" dropped into the same directory, named after a library the player imports. Because Windows resolves an application's imports by searching the application's own directory before the system directories, the player loads the attacker's DLL in place of the one it expects and runs the attacker's code under the cover of a trusted process. The technique, known as DLL sideloading, was used primarily against governments and NGOs considered targets by the group and its backers. Additionally, the hackers exploited security holes in other software, such as unpatched versions of Microsoft Exchange, to further their operations.
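A practical way to hunt for this pattern is to look for a DLL that sits beside a signed executable but is unsigned or carries a different publisher's signature, which is exactly what a clean VLC binary next to a planted library looks like. The script below is an added example, not code from the article or from Symantec or BleepingComputer; it runs over a constructed file inventory (the paths and signer names are invented for illustration) of the kind you could collect with Get-AuthenticodeSignature, and the list of system DLL names is an assumed starting set, not an exhaustive one.

```python
"""Hunt for DLL sideloading candidates in a file inventory.

Assumption (not from the article): each record is (path, signer), where
signer is the publisher recovered from the file's Authenticode signature,
or None when the file is unsigned.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample inventory, not real telemetry. A copied vlc.exe in a
# user-writable directory sits next to an unsigned libvlc.dll; a vendor tool
# sits next to a version.dll signed by somebody else entirely.
INVENTORY = [
    (r"C:\Users\alice\AppData\Roaming\vlc\vlc.exe", "VideoLAN"),
    (r"C:\Users\alice\AppData\Roaming\vlc\libvlc.dll", None),
    (r"C:\Program Files\VideoLAN\VLC\vlc.exe", "VideoLAN"),
    (r"C:\Program Files\VideoLAN\VLC\libvlc.dll", "VideoLAN"),
    (r"C:\Program Files\VideoLAN\VLC\libvlccore.dll", "VideoLAN"),
    (r"C:\Program Files\Contoso\tool.exe", "Contoso Ltd"),
    (r"C:\Program Files\Contoso\helper.dll", "Contoso Ltd"),
    (r"C:\Program Files\Contoso\version.dll", "Evil Corp"),
]

# Assumed starting set: system libraries frequently shadowed by a copy placed
# in the application directory, which Windows searches before System32.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "winmm.dll", "cryptsp.dll",
    "userenv.dll", "wininet.dll", "dwmapi.dll", "uxtheme.dll",
}


def find_sideload_candidates(inventory):
    """Return (exe_path, dll_path, reason) for every suspicious pairing.

    A DLL is flagged when it shares a directory with a signed executable but
    is unsigned or signed by a different publisher. If its filename also
    shadows a system DLL the reason is extended, since that is the classic
    search-order hijack shape.
    """
    by_dir = defaultdict(list)
    for path, signer in inventory:
        p = PureWindowsPath(path)
        by_dir[str(p.parent).lower()].append((p, signer))

    findings = []
    for entries in by_dir.values():
        exes = [(p, s) for p, s in entries if p.suffix.lower() == ".exe" and s]
        dlls = [(p, s) for p, s in entries if p.suffix.lower() == ".dll"]
        for exe, exe_signer in exes:
            for dll, dll_signer in dlls:
                if dll_signer == exe_signer:
                    continue  # same publisher: normal for a vendor's own libraries
                if dll_signer is None:
                    reason = "unsigned DLL"
                else:
                    reason = f"signer mismatch ({dll_signer})"
                if dll.name.lower() in KNOWN_SYSTEM_DLLS:
                    reason += ", shadows system DLL"
                findings.append((str(exe), str(dll), reason))
    return findings


if __name__ == "__main__":
    for exe, dll, reason in find_sideload_candidates(INVENTORY):
        print(f"{dll}\n  loaded by {exe}: {reason}")
```

On the constructed inventory this reports the unsigned libvlc.dll beside the copied vlc.exe and the foreign-signed version.dll beside tool.exe, and stays silent on the properly installed VLC whose libraries all carry VideoLAN's signature. The check is a hunting heuristic rather than proof: a publisher mismatch also occurs with legitimately bundled third-party libraries, so each hit still needs the DLL's hash, its exports and its behaviour examined, and a signed DLL with a stolen or abused certificate will not be caught at all.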