How do China's cyber-spies snoop on governments, NGOs? Probably like this
2022-04-07 09:45

The Threat Hunter Team is attributing the attacks to Cicada, also known as APT10 - a group that has been operating for more than a decade and that intelligence agencies in the US have linked to China's Ministry of State Security.

The researchers are pointing at Cicada because a custom loader and custom malware that have been used exclusively by the group were found in victims' networks.

"Cicada's initial activity several years ago was heavily focused on Japanese-linked companies, though in more recent times it has been linked to attacks on managed service providers with a more global footprint. However, this campaign does appear to indicate a further widening of Cicada's footprint."

In some cases, Cicada's activity on targets' networks was first detected on Exchange servers, which could indicate the hackers were exploiting an unpatched vulnerability in Microsoft's software.

Once in a system, the group unfurls a collection of tools - including a custom loader that was deployed in a previous attack by Cicada, according to the researchers.

"The targeting of multiple large organizations in different geographies at the same time would require a lot of resources and skills that are generally only seen in nation-state backed groups and it shows that Cicada still has a lot of firepower behind it when it comes to its cyber activities," the researchers wrote.
News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/07/china-espionage-campaign/