Security News
A sophisticated advanced persistent threat group believed to be operating out of China has been stealthily targeting Southeast Asian governments over the past three years, Bitdefender reports. Believed to be state-sponsored, the group was observed using numerous malware families, including the Chinoxy backdoor, PCShare RAT, and the FunnyDream backdoor.
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chinese actor," Bitdefender said in a new analysis shared with The Hacker News.
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.
A Chinese threat actor is leveraging DLL side-loading for the execution of malicious code in attacks targeting organizations in Myanmar, Sophos security researchers reveal. DLL side-loading is a technique that uses malicious DLLs that spoof legitimate ones, and which relies on legitimate Windows applications to load and execute the code.
Based on crude messages, such as "KilllSomeOne", used in attack code strings, coupled with advanced deployment and targeting techniques, they say the APT has a split personality. "The messages hidden in their samples [malware] are on the level of script kiddies. On the other hand, the targeting and deployment is that of a serious APT group," wrote Gabor Szappanos, author of a Sophos technical brief, posted Wednesday, outlining what is known about the APT. Szappanos wrote that the gang relies primarily on a cyberattack technique known as DLL side-loading.
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds. Advanced persistent threat groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success.
The two conferences targeted include the Munich Security Conference, slated for Feb. 19 to 21, 2021 and the Think 20 Summit in Saudi Arabia, taking place Oct. 31 to Nov. 1 2020. Microsoft linked the attack, which targeted more than 100 conference attendees, to Phosphorus, which it said is operating from Iran.
The Department of Justice on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years - including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017. According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots.
New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data. APTs Flock Exchange, OWA. One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".
That's according to researchers from Kaspersky, who noted that the group uses a variety of techniques to evade detection, including using public cloud services for command-and-control communications, and hiding its main malicious espionage module using steganography. Spy attacks on industrial holdings are far more unusual than campaigns against diplomats and other nation-state targets, according to the firm.