China-based hackers attacked military-industrial plants, research institutes, government agencies, and ministries in several countries and were able to even hijack the IT infrastructure of some, taking control of systems used to manage security solutions, a new report has revealed.
Researchers at cyber-security firm Kaspersky detected a wave of targeted attacks on military-industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan.
“In the course of our research, we were able to identify over a dozen of attacked organizations,” the researchers said.
The analysis suggests that “it is highly probable that a Chinese-speaking group is behind the attacks”.
The researchers tagged TA428, a Chinese-speaking APT group, behind the series of attacks using six backdoor malware.
The attackers penetrated the enterprise network using carefully crafted phishing emails.
“In the course of our investigation, we discovered that, in some cases, the attackers create phishing emails using information that is not publicly available, such as the full names of employees responsible for handling sensitive information, as well as internal codenames of projects developed by attacked organizations,” the team noted.
Phishing emails contain Microsoft Word documents with embedded malicious code that exploits the CVE-2017-11882 vulnerability, which enables an attacker to execute arbitrary code without any additional user activity.
In the new series of attacks, the attackers used six different backdoors at the same time — probably to set up redundant communication channels with infected systems in case one of the malicious programs was detected and removed by a security solution.
“The backdoors used to provide extensive functionality for controlling infected systems and collecting confidential data,” said Kaspersky.
The attack targeted industrial plants, design bureaus, and research institutes, government agencies, ministries, and departments in several East European countries (Belarus, Russia, and Ukraine), as well as Afghanistan, it added.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.