Oct 10, 2023 News
…PM confirms probe underway
Kaieteur News – The Government of Guyana has launched an investigation into an infiltration of its network system by hackers suspected to be Chinese, Kaieteur News learnt on Monday.
Confirming the probe, Prime Minister Brigadier (Retired) Mark Phillips said, “We have a report, we are investigating that report right now to see exactly what really (is going on).” He added that since the investigation is not yet completed, his government cannot at this time “go to the public and say” that Chinese hackers are the ones involved. Phillips promised that a press statement on the findings from the investigation will be released later today.
On Thursday last, an ESET (Essential Security against Evolving Threats) research article penned by Fernando Tavella revealed that its researchers have discovered a cyberespionage attack against a government entity in Guyana by hackers that could be Chinese. ESET is a Slovak software company that specialises in cyber security.
Cyberespionage, or cyber spying, is a type of cyber-attack in which a hacker or hackers attempt to access sensitive and classified data for economic gain, competitive advantage or political reasons. According to ESET, the attack on the Guyanese government was discovered in February this year and has been identified as a spearphishing campaign.
A spearphishing campaign basically means that the hackers infiltrated the government’s network systems by sending fraudulent emails to the targeted entity, inducing it to reveal personal information. To breach Guyana’s network, the hackers sent emails with reference to the country’s public affairs activities. The subject lines on the fraudulent emails sent were “President Mohamed Irfaan Ali’s Official Visit to Nassau, The Bahamas” and “Guyanese fugitive in Vietnam”.
Once these emails were opened, the hackers found their way into the government’s network system. “While we haven’t been able to link the campaign, which we named Operation Jacana, to any specific APT (advanced persistent threat) group, we believe with medium confidence that a China-aligned threat group is behind this incident”, ESET researchers said.
In the cyber-attack against Guyana, the hackers used an undocumented C++ backdoor (code used to covertly bypass normal authentication or encryption in a computer) that can “exfiltrate files, manipulate Windows registry keys, execute CMD commands, and more”. This means that the hacker can transfer, extract or remove key data from the government’s network.
ESET researchers have chosen to name the C++ backdoor DinodasRAT. “We named the backdoor DinodasRAT based on the victim’s (Guyanese Government) identifier it sends to its C&C (Command and Control, a type of attack that allows the hacker to communicate with and control its victim’s network): the string always begins with Din, which reminded us of the hobbit Dinodas from the Lord of the Rings”, ESET said.
ESET added that after the hackers successfully compromised “the first couple of machines” (government computer systems) with DinodasRAT, the operators proceeded to move laterally (trying different methods to explore the infiltrated network, find more vulnerabilities, escalate access privileges and reach the ultimate target) and breach the government’s internal network.
To breach the internal network, the hackers used not only DinodasRAT but also additional malicious software, such as a variant of Korplug, also known as PlugX. The use of the Korplug variant is what led ESET to believe that the hackers could be Chinese. Korplug variants are malware quite common to China-aligned groups. Some examples of Korplug variants by Chinese hackers include Mustang Panda’s Hodur, Old tricks and new Korplug variant.
ESET said that while it is not 100 percent sure of the hackers’ identity, recent developments in Guyana/China diplomatic relations are also pointing them in the direction that they are Chinese.
“In February 2023, the same month that Operation Jacana occurred, the Special Organised Crime Unit (SOCU) of Guyana arrested three people in a money laundering investigation involving Chinese companies, an act disputed by the local Chinese embassy”, ESET stated while adding “Additionally, as part of the Belt and Road Initiative, China has economic interests in Guyana”.