Operation Jacana, a cyber espionage campaign [1] [2] [3] [4] [5], has recently been uncovered. This targeted attack focused on a governmental entity in Guyana and was carried out by Chinese state-sponsored cyber attackers.

Description

The attackers used spear-phishing emails that referenced Guyanese public and political affairs to gain unauthorized access to the internal network [5]. Once inside, they deployed a previously unknown backdoor called DinodasRAT [2]. This malware can exfiltrate files, manipulate Windows registry keys [2] [3] [4] [5], and execute commands [1] [2] [3] [4] [5]. To conceal this activity, DinodasRAT encrypts information using the Tiny Encryption Algorithm before sending it to a command and control server. The attackers also employed the Korplug backdoor and the SoftEther VPN client [4].

ESET [2] [3] [5], a leading cybersecurity company, has attributed this campaign to a Chinese advanced persistent threat (APT) group based on the use of the Korplug RAT [1] [3], which is commonly associated with China-aligned cyber threat groups. It is believed that the attack on the Guyanese governmental entity may be a response to recent tensions between Guyana and China. Additionally, the attackers compromised a Vietnamese governmental entity to host their malware samples [1] [3] [5].

Conclusion

The Operation Jacana cyber espionage campaign has significant implications. It highlights the increasing sophistication of state-sponsored cyber attackers and their ability to target specific governmental entities. To mitigate such attacks, organizations must enhance their cybersecurity measures and remain vigilant against spear-phishing attempts. Furthermore, this incident underscores the need for international cooperation in addressing cyber threats and resolving geopolitical tensions that can fuel such attacks.

References

[1] https://flyytech.com/2023/10/05/operation-jacana-reveals-dinodasrat-custom-backdoor/
[2] https://www.eset.com/sg/about/newsroom/press-releases1/products/eset-research-discovers-operation-jacana-targeting-governmental-entity-in-guyana-likely-by-chinese-t/
[3] https://www.threatshub.org/blog/operation-jacana-reveals-dinodasrat-custom-backdoor/
[4] https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html
[5] https://www.darkreading.com/threat-intelligence/operation-jacana-dinodasrat-custom-backdoor