Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group.
Hafnium is a group of cyberattackers operating out of China. The collective came into the spotlight when Microsoft linked it to attacks exploiting four zero-day vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — in on-premises Microsoft Exchange Server.
Microsoft says that Hafnium tends to strike targets in the United States, focusing on industries including defense, research, law, and higher education. While believed to be based in China, the group uses leased virtual private servers (VPS) in the US.