Chinese Hackers Exploit VSCode Tunnels: Microsoft’s Development Tool Turned Cyber Backdoor

Chinese hackers are using Visual Studio Code as a backdoor to maintain stealthy access to IT systems in Southern Europe. By abusing Microsoft’s Remote Development feature, they create tunnels through Azure infrastructure that blend in with legitimate traffic and are very hard to detect; the rarity of the technique is what has researchers concerned. Security experts advise vigilance over unexpected VSCode launches and unexpected outbound connections.


Hot Take:

When hackers start using your favorite coding tool as a backdoor, it’s like discovering your grandma has a secret life as a rollerblading ninja. VSCode tunnels, how could you betray us like this? It’s almost as if hackers are saying, “Why hack the planet when you can just hack your IDE?”

Key Points:

  • Chinese hackers are using VSCode tunnels to maintain access to compromised systems.
  • The campaign, known as Operation Digital Eye, was observed in June and July 2024.
  • This tactic involves exploiting Microsoft’s legitimate infrastructure, making detection challenging.
  • Initial access was gained through SQL injection and expanded using a PHP webshell called PHPsert.
  • The exact threat actor remains undetermined, but suspicions point weakly at STORM-0866 or Sandman APT.
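An added detection example, not taken from the article or from any vendor tooling: it scans constructed process-creation and network events for the two signals the key points describe, a `code tunnel` launch (including the `service install` form that persists the tunnel) and connections to the Dev Tunnels domains the VS Code tunnel client uses. The key=value log format and the host allow-list are assumptions to adapt to your own telemetry.

```python
import re
from typing import Dict, List

# Constructed sample telemetry (not from the article): process-creation and
# network-connection events in a simple key=value form.
SAMPLE_EVENTS = [
    'type=process host=web01 user=www-data cmd="/usr/bin/php-fpm"',
    'type=process host=web01 user=www-data cmd="/tmp/code tunnel --accept-server-license-terms --name web01"',
    'type=process host=dev02 user=alice cmd="/usr/bin/code /home/alice/project"',
    'type=process host=web01 user=www-data cmd="/tmp/code tunnel service install"',
    'type=network host=web01 proc=code dst=global.rel.tunnels.api.visualstudio.com:443',
    'type=network host=dev02 proc=firefox dst=example.org:443',
    'type=network host=web01 proc=code dst=abc123-8080.euw.devtunnels.ms:443',
]

# Assumption: hosts where developers legitimately run VS Code tunnels.
# A web server running tunnels as www-data is not on this list.
EXPECTED_TUNNEL_HOSTS = {"dev02"}

# VS Code Remote Tunnels start with `code tunnel` (or code.exe on Windows) and
# register with Microsoft's Dev Tunnels service under these domains.
TUNNEL_CMD = re.compile(r'cmd="[^"]*\bcode(?:\.exe)?\s+tunnel\b')
TUNNEL_DOMAINS = re.compile(r'dst=\S*?(?:\.devtunnels\.ms|tunnels\.api\.visualstudio\.com):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line: str) -> Dict[str, str]:
    """Split one key=value event line into a dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def find_suspicious_tunnels(lines: List[str]) -> List[Dict[str, str]]:
    """Return events showing VS Code tunnel use on hosts not expected to use it."""
    hits = []
    for line in lines:
        ev = parse(line)
        if ev.get("host") in EXPECTED_TUNNEL_HOSTS:
            continue
        if ev.get("type") == "process" and TUNNEL_CMD.search(line):
            reason = "vscode tunnel launched"
            if "service install" in ev.get("cmd", ""):
                reason = "vscode tunnel installed as persistent service"
            hits.append({**ev, "reason": reason})
        elif ev.get("type") == "network" and TUNNEL_DOMAINS.search(line):
            hits.append({**ev, "reason": "connection to Dev Tunnels infrastructure"})
    return hits


if __name__ == "__main__":
    for h in find_suspicious_tunnels(SAMPLE_EVENTS):
        print(f'{h["host"]} {h["reason"]}: {h.get("cmd") or h.get("dst")}')
```

On the sample data this flags the four web01 events (two launches, two tunnel connections) and ignores the developer workstation.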
