Tuesday, September 22, 2020

China-based hacker group now targeting IT service providers and manufacturing companies in India: US-based cyber security group FireEye

New Delhi, April 10, 2017: Raising an alarm for the IT service providers and manufacturing companies in India, US-based cyber security group FireEye has claimed that a new set of tools is being used by China-based cyber espionage group APT10 to steal confidential business data from domestic firms to support Chinese corporations.

FireEye has been tracking APT10 since 2009; the group has historically targeted construction, engineering, aerospace and telecom firms, as well as governments, in the US, Europe and Japan.


“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations,” said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.


APT10 activity has included both traditional spear phishing and access to victims’ networks through service providers.

Service providers have significant access to customer networks, enabling an attacker who had compromised a service provider to move laterally into the network of the service provider’s customer.


“Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations,” said FireEye in an earlier blog post.

In addition, web traffic between a service provider’s customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

“HAYMAKER” and “SNUGRIDE” have been used as first-stage backdoors, while “BUGJUICE” and a customised version of the open source “QUASARRAT” have been used as second stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.


HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, is executed by launching a benign file and then hijacking the DLL search order so that a malicious DLL is loaded into that process.

That malicious DLL then loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload.

BUGJUICE defaults to TCP with a custom binary protocol to communicate with its C2 server, but can also use HTTP and HTTPS if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.

SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.


The malware’s capabilities include taking a system survey, access to the filesystem, executing commands and a reverse shell. Persistence is maintained through a Run registry key, the post added.
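The two host artefacts described above, a malicious DLL planted beside a benign executable so that the loader's search order picks it up (BUGJUICE) and persistence through a Run registry key (SNUGRIDE), are the kind of thing a triage script can flag. The following is an added example and not FireEye's or NewsGram's code; every path, file name and registry value in it is constructed sample data, not a real indicator.

```python
"""Added triage example (not FireEye's or NewsGram's code). It flags two host
artefacts the article attributes to APT10's tooling: a DLL planted beside a
benign executable so the loader's search order picks it up (BUGJUICE), and
persistence through a Run registry key (SNUGRIDE). Every path, file name and
registry value below is constructed sample data, not a real indicator."""
from pathlib import PureWindowsPath

# Constructed directory listing of a benign executable, as a host collector
# would report it. version.dll is the planted file; plugin_ui.dll is app-private.
APP_DIR_LISTING = {
    r"C:\Users\alice\AppData\Local\Temp\viewer\viewer.exe",
    r"C:\Users\alice\AppData\Local\Temp\viewer\version.dll",
    r"C:\Users\alice\AppData\Local\Temp\viewer\viewer.cfg",
    r"C:\Users\alice\AppData\Local\Temp\viewer\plugin_ui.dll",
}
# Small hard-coded subset of DLLs that normally live in System32 and are
# therefore hijack candidates when a same-named copy appears elsewhere.
KNOWN_SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "uxtheme.dll", "cryptsp.dll", "wtsapi32.dll"}

# Constructed HKCU\...\CurrentVersion\Run values: value name -> command line.
RUN_KEY_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Users\alice\AppData\Local\Temp\viewer\viewer.exe",
}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def find_shadowing_dlls(listing):
    """DLLs in an application directory whose names collide with system DLLs.
    Windows searches the application directory before System32 for DLLs that
    are not on the KnownDLLs list, so such a file is a search-order hijack candidate."""
    return sorted(p for p in listing if PureWindowsPath(p).name.lower() in KNOWN_SYSTEM_DLLS)

def executable_from_command(cmd):
    """Extract the program path from a Run value: quoted path or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]

def find_suspicious_run_entries(values):
    """Run entries whose program lives outside trusted install roots (a heuristic:
    user-writable locations such as Temp are the usual giveaway). Vendor software
    under %LOCALAPPDATA%\\Microsoft is treated as trusted for this example."""
    flagged = {}
    for name, cmd in values.items():
        exe = executable_from_command(cmd)
        low = exe.lower()
        if not (low.startswith(TRUSTED_ROOTS) or "\\appdata\\local\\microsoft\\" in low):
            flagged[name] = exe
    return flagged

if __name__ == "__main__":
    print("DLL hijack candidates:", find_shadowing_dlls(APP_DIR_LISTING))
    print("Suspicious Run entries:", find_suspicious_run_entries(RUN_KEY_VALUES))
```

On a real host the two inventories would come from a directory listing and a registry export; the heuristics are deliberately simple and should be tuned to the environment's software baseline.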

QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past. (IANS)
