SparklingGoblin steals data from US computer retailer

Eset, the Slovakia-based cybersecurity company, discovered that the hacking group SparklingGoblin used a backdoor to target a computer retailer business based in the US. This was used by the group to enter the firm’s servers.

This group has been seen targeting the academic sectors in East and Southeast Asia, along with having interest in the Canadian education sector, US media companies, and now a US-based computer retail company.

The names of the companies attacked and the time of the breaches remain unknown. Also, the origin of the group is unidentified, but Eset states that since few of its procedures were defined on a Chinese language blog it may be from eastern Asia. 

The group’s backdoor used is called Sidewalk, and it utilizes Google Docs to transfer IP configurations and other sensitive information. According to the researchers, the group is an ‘advanced persistent threat,’ which means it uses continuous, complex hacking tactics to access systems and stay there for elongated tenures with destructive consequences.

Eset also pointed out that a similar toolset to that of SparklingGoblin was used to conduct a series of attacks against Hong Kong universities by the Winnti Group, which is involved in such acts since 2012 and is responsible for supply-chain attacks against industries such as video games and software.

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger highlights that all organizations around the globe, regardless of their size, are not safe from cyberattacks. Further on is has been pointed out that ransomware is on the rise. These attacks play a major role in disrupting organizations around the world, covering a wide umbrella that includes everything from hospitals across Ireland, Germany, and France, to pipelines in the United States and banks in the UK. The consequences of these threats are severe, and they are increasing at a faster pace.