
New Delhi, April 10, 2017: Raising an alarm for the IT service providers and manufacturing companies in India, US-based cyber security group FireEye has claimed that a new set of tools is being used by China-based cyber espionage group APT10 to steal confidential business data from domestic firms to support Chinese corporations.

FireEye has been tracking APT10 since 2009; the group has historically targeted construction, engineering, aerospace and telecom firms, as well as governments, in the US, Europe and Japan.


“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations,” said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.


APT10 activity has included both traditional spear phishing and access to victims’ networks through service providers.

Service providers have significant access to customer networks, enabling an attacker who has compromised a service provider to move laterally into the network of the service provider’s customer.


“Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations,” said FireEye in an earlier blog post.

In addition, web traffic between a service provider’s customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

“HAYMAKER” and “SNUGRIDE” have been used as first-stage backdoors, while “BUGJUICE” and a customised version of the open-source “QUASARRAT” have been used as second-stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.


HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, is executed by launching a benign file and then hijacking the DLL search order to load a malicious DLL into it.

That malicious DLL then loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload.
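
A defender-side check for the loading pattern described above, as an added example that is not from FireEye or the original article: it flags image-load events in which a signed executable loads an unsigned DLL carrying a system DLL's name from its own directory. The event fields (`ImageSigned`, `DllSigned`), the baseline DLL names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Directories from which Windows system DLLs are expected to load.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Assumption: a baseline of DLL names that ship in System32 on the host image.
SYSTEM_DLL_BASELINE = {"version.dll", "dbghelp.dll", "wtsapi32.dll"}


def in_trusted_dir(path):
    """True if the file sits in (or below) a trusted system directory."""
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS)


def find_sideload_candidates(events):
    """Return events where a signed host process loaded an unsigned DLL
    with a system DLL's name from the host executable's own directory."""
    hits = []
    for ev in events:
        dll_name = ntpath.basename(ev["ImageLoaded"]).lower()
        same_dir = (ntpath.dirname(ev["Image"]).lower()
                    == ntpath.dirname(ev["ImageLoaded"]).lower())
        if (dll_name in SYSTEM_DLL_BASELINE
                and not in_trusted_dir(ev["ImageLoaded"])
                and same_dir
                and ev["ImageSigned"] and not ev["DllSigned"]):
            hits.append(ev)
    return hits


# Constructed sample events; the schema is a simplified, hypothetical one.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "ImageSigned": True, "DllSigned": True},
    {"Image": r"C:\Users\Public\Docs\viewer.exe",
     "ImageLoaded": r"C:\Users\Public\Docs\version.dll",
     "ImageSigned": True, "DllSigned": False},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll",
     "ImageSigned": True, "DllSigned": False},
]

if __name__ == "__main__":
    for hit in find_sideload_candidates(SAMPLE_EVENTS):
        print("review:", hit["Image"], "loaded", hit["ImageLoaded"])
```

Hits are candidates for analyst review rather than verdicts, since some legitimate applications ship their own copies of commonly named DLLs.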

BUGJUICE defaults to TCP using a custom binary protocol to communicate with the C2, but can also use HTTP and HTTPS if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.

SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.


The malware’s capabilities include taking a system survey, accessing the filesystem, executing commands and providing a reverse shell. Persistence is maintained through a Run registry key, the post added.

QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past. (IANS)

