Thursday June 21, 2018

China-based hacker group now targeting IT service providers and manufacturing companies in India: US-based cyber security group FireEye

Hacking (representational Image), VOA

New Delhi, April 10, 2017: Raising an alarm for the IT service providers and manufacturing companies in India, US-based cyber security group FireEye has claimed that a new set of tools is being used by China-based cyber espionage group APT10 to steal confidential business data from domestic firms to support Chinese corporations.

FireEye has been tracking APT10 since 2009 and they have historically targeted construction, engineering, aerospace, telecom firms and governments in the US, Europe and Japan.


“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations,” said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.

APT10 activity has included both traditional spear phishing and access to victims' networks through service providers.

Service providers have significant access to customer networks, enabling an attacker who has compromised a service provider to move laterally into the network of the service provider's customer.


“Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations,” said FireEye in an earlier blog post.

In addition, web traffic between a service provider’s customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

“HAYMAKER” and “SNUGRIDE” have been used as first-stage backdoors, while “BUGJUICE” and a customised version of the open source “QUASARRAT” have been used as second-stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.


HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, is executed by launching a benign file and then hijacking the DLL search order to load a malicious DLL into it.

That malicious DLL then loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload.
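The loading pattern described above (a benign executable picking up a malicious DLL through the search order) leaves a trace in image-load telemetry. The following is an added example, not code from FireEye or the original article: it flags one case of that pattern, a DLL with a system DLL's name loading from the executable's own directory. The event tuples, paths, file names and the `SYSTEM_DLLS` baseline are constructed assumptions, not BUGJUICE indicators.

```python
from ntpath import basename, dirname, normcase

# Constructed image-load events: (process image, loaded DLL, DLL is signed).
# All paths and names are invented for illustration.
EVENTS = [
    (r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\System32\version.dll", True),
    (r"C:\ProgramData\Updater\helper.exe",
     r"C:\ProgramData\Updater\version.dll", False),
    (r"C:\Program Files\Vendor\app.exe",
     r"C:\Program Files\Vendor\vendorlib.dll", True),
    (r"C:\Users\alice\AppData\Local\Temp\viewer.exe",
     r"C:\Users\alice\AppData\Local\Temp\dwmapi.dll", False),
    (r"C:\Program Files\Vendor\app.exe",
     r"C:\Windows\System32\dwmapi.dll", True),
]

# Assumed baseline of DLL names that normally resolve from the system
# directory; in practice, build it from a clean image's System32 listing.
SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "wtsapi32.dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def find_sideloads(events):
    """Return loads where a system-named DLL sits beside the executable."""
    hits = []
    for proc, dll, signed in events:
        dll_dir = normcase(dirname(dll))
        name = basename(dll).lower()
        # The name belongs to a system DLL, but the file is not in a system dir.
        shadows_system = name in SYSTEM_DLLS and dll_dir not in SYSTEM_DIRS
        # The application directory is searched first, so a planted copy
        # placed next to the executable wins over the genuine system DLL.
        beside_exe = dll_dir == normcase(dirname(proc))
        if shadows_system and beside_exe:
            hits.append({"process": proc, "dll": dll, "unsigned": not signed})
    return hits


if __name__ == "__main__":
    for hit in find_sideloads(EVENTS):
        print(hit)
```

A planted DLL can also shadow an application's own dependency rather than a system DLL, so this check covers only one variant and works best alongside signature and file-age checks on the loaded module.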

BUGJUICE defaults to TCP using a custom binary protocol to communicate with the C2, but can also use HTTP and HTTPS if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.

SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.

The malware’s capabilities include taking a system survey, access to the filesystem, executing commands and a reverse shell. Persistence is maintained through a Run registry key, the post added.

QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past. (IANS)

Copyright 2017 NewsGram

Next Story

Mahalaya: Beginning of “Devipaksha” in Bengali Celebration of ‘Durga Puja’

“Mahalaya” is the auspicious occasion that marks the beginning of “Devipaksha” and the ending of “Pitripaksha” and heralds the celebration of Durga Puja

Mahalaya morning in Kolkata. Flickr
  • Mahalaya 2017 Date: 19th September.
  • On Mahalaya, people throng to the holy river Ganges in order to pay homage to their ancestors and forefathers, a ritual called ‘Torpon’
  • Mahalaya remains incomplete without the magical chanting of the scriptural verses from the ‘Chandi Kavya’ that is broadcast on All India Radio
  • The magic is induced by the popular Birendra Krishna Bhadra whose voice makes the recitation of the “Chandi Kavya” even more magnificent

Sept 19, 2017: Autumn is the season of the year that sees the Hindus all geared up to celebrate some of the biggest festivals of India. The festive spirit has the Bengalis all enthused to prepare for the greatest of the festivals, the ‘Durga Puja’.

About Mahalaya:

Mahalaya is the auspicious occasion that marks the beginning of “Devipaksha” and the ending of “Pitripaksha,” and this year it is celebrated on September 19.

Observed exactly a week before the ‘Durga Puja’, Mahalaya is the harbinger of the arrival of Goddess Durga. It is celebrated to invoke the goddess possessing supreme power! The goddess is invited to descend on earth and she is welcomed with devotional songs and holy chants of mantras. On this day, the eye is drawn in the idols of the Goddess by the artisans marking the initiation of “Devipaksha”. Mahalaya arrives and the countdown to the Durga Puja begins!


The day of Mahalaya bears supreme significance to the Bengalis. The day is immensely important because on this day people throng to the holy river Ganges in order to pay homage to their ancestors and forefathers. Clad in white dhotis, people offer prayers and take dips in the river while praying for their deceased dear ones. The ritual is popularly known as “Torpon”.

An idol-maker in progress of drawing the eye in the idol of the Goddess. Wikipedia

As per Hindu myth, on “Devipaksha”, the Gods and the Goddesses began their preparations to celebrate “Mahamaya” or Goddess Durga, who was brought forth by the trinity of Brahma, Vishnu, and Maheshwara to annihilate the fierce demon king named Mahishasura. The captivating story of the Goddess defeating the demon got popularized with the goddess being revered as “Durgatinashini” or the one who banishes all the evils and miseries of the world. The victory of the Goddess is celebrated as ‘Durga Puja’.


Mahalaya remains incomplete without the magical chanting of the scriptural verses from the ‘Chandi Kavya’ that is broadcast at dawn on All India Radio in the form of a marvelous audio montage enthralling the souls of the Bengalis. Presented with wonderful devotional music, acoustic drama, and classical songs, the program is also translated to Hindi and played for listeners across India.


Birendra Krishna Bhadra (1905-1991). Wikipedia

The program is inseparable from Mahalaya and has been going on for over six decades till date. The magic is induced by the popular Birendra Krishna Bhadra whose voice makes the recitation of the “Chandi Kavya” even more magnificent! He has been a legend and the dawn of Mahalaya turns insipid without the reverberating and enchanting voice of the legendary man.

Mahalaya will keep spreading the magic and setting the vigor of the greatest festival of the Bengalis- the Durga Puja, to worship the supreme Goddess, eternally.

                 “Yaa Devi Sarbabhuteshu, Shakti Rupena Sanhsthita,

                     Namastaswai Namastaswai Namastaswai Namo Namaha.”

– by Antara Kumar of NewsGram. Twitter: @ElaanaC