Thursday, January 21, 2021

China-based hacker group now targeting IT service providers and manufacturing companies in India: US-based cyber security group FireEye

New Delhi, April 10, 2017: Raising an alarm for the IT service providers and manufacturing companies in India, US-based cyber security group FireEye has claimed that a new set of tools is being used by China-based cyber espionage group APT10 to steal confidential business data from domestic firms to support Chinese corporations.

FireEye has been tracking APT10 since 2009; the group has historically targeted construction, engineering, aerospace and telecom firms, as well as governments, in the US, Europe and Japan.


“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations,” said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.


APT10 activity has included both traditional spear phishing and access to victims' networks through their service providers.

Service providers have significant access to customer networks, enabling an attacker who had compromised a service provider to move laterally into the network of the service provider’s customer.


“Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations,” said FireEye in an earlier blog post.

In addition, web traffic between a service provider’s customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

“HAYMAKER” and “SNUGRIDE” have been used as first-stage backdoors, while “BUGJUICE” and a customised version of the open source “QUASARRAT” have been used as second-stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.


HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, is executed by launching a benign file and then hijacking the DLL search order so that the benign process loads a malicious DLL.

That malicious DLL then loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload.
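The search-order hijack described above leaves a recognisable footprint in endpoint telemetry: a DLL whose name belongs in a system directory is loaded from somewhere else, usually the launched executable's own folder. The following detection script is an added example, not FireEye's code or anything from the article; it runs over constructed records shaped like Sysmon Event ID 7 (Image loaded) forwarded as JSON lines, and the DLL inventory, trusted directories and sample paths are assumptions for the example rather than values taken from the report.

```python
import json
import ntpath

# Constructed stand-in for an inventory of DLL names that normally live under
# C:\Windows\System32. A real deployment builds this from a known-good host;
# the names here are an assumption for the example, not a list from the article.
SYSTEM_DLL_INVENTORY = {"version.dll", "dwmapi.dll", "userenv.dll"}

# Directories from which a DLL carrying one of those names is expected to load.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample records in the shape of Sysmon Event ID 7 (Image loaded),
# serialised as JSON lines the way a log shipper would forward them. Not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "Signature": "Microsoft Windows"}
{"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\version.dll", "Signed": "false", "Signature": ""}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\vendorlib.dll", "Signed": "false", "Signature": ""}
{"EventID": 1, "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"}
"""


def loaded_from_trusted_dir(path: str) -> bool:
    """True when the DLL's directory is one of the system directories."""
    return ntpath.dirname(path).lower() in TRUSTED_DIRS


def find_search_order_hijacks(jsonl: str) -> list[dict]:
    """Flag image loads where a system-DLL name resolves outside the system directories.

    That is the footprint of search-order hijacking: the loader finds a same-named
    DLL earlier in the search path (typically the launched executable's own folder)
    before it ever reaches System32.
    """
    hits = []
    for raw in jsonl.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if event.get("EventID") != 7:          # only Image loaded events matter here
            continue
        loaded = event["ImageLoaded"]
        name = ntpath.basename(loaded).lower()
        if name not in SYSTEM_DLL_INVENTORY:   # third-party DLL names are out of scope
            continue
        if loaded_from_trusted_dir(loaded):    # the genuine system copy
            continue
        hits.append({
            "process": event["Image"],
            "dll": loaded,
            "signed": event.get("Signed") == "true",
            # Loading from the same folder as the executable is the classic sideload.
            "beside_exe": ntpath.dirname(loaded).lower() == ntpath.dirname(event["Image"]).lower(),
        })
    return hits


if __name__ == "__main__":
    for hit in find_search_order_hijacks(SAMPLE_EVENTS):
        print(hit)
```

Of the three constructed image loads, only the unsigned `version.dll` sitting beside an executable in a Temp folder is flagged; the genuine System32 copy and the vendor's own library pass. In production the inventory should come from a gold image and the rule should be paired with the signature fields Sysmon already records, so that a signed Microsoft DLL redistributed by an installer does not trip it.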

BUGJUICE defaults to TCP using a custom binary protocol to communicate with the C2, but can also use HTTP and HTTPS if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.

SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.


The malware’s capabilities include taking a system survey, access to the filesystem, executing commands and a reverse shell. Persistence is maintained through a Run registry key, the post added.

QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past. (IANS)
