New Delhi, April 10: A China-based hacking group tracked as APT10 is stealing confidential business data, including from domestic firms, to support Chinese corporations, US-based cyber security firm FireEye has said.
The group has historically targeted construction, engineering, aerospace and telecom firms, as well as governments, in the US, Europe and Japan, according to FireEye's research.
“IT services have been a core engine of India’s economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations,” said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.
Because service providers hold access to their customers' networks, an attacker who compromises a provider can reach those customers through the provider's own connections and the traffic that flows over them.
“Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations,” said FireEye in an earlier blog post.
APT10 introduced new tools in its 2016/2017 activity.
“HAYMAKER” and “SNUGRIDE” have been used as first-stage backdoors, while “BUGJUICE” and a customised version of the open source “QUASARRAT” have been used as second-stage backdoors.
APT10 is devoting resources to capability development and innovation.
BUGJUICE defaults to TCP with a custom binary protocol to communicate with its command-and-control (C2) server, but can switch to HTTP or HTTPS if directed by the C2. It can find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.
SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key, which means that once the key is recovered from one sample, traffic from that family can be decrypted.
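Why the static key matters, shown as an added example that is not taken from the article or from FireEye: with a fixed key, an analyst who extracts it from one sample can decode every captured HTTP body that family sends. The key, IV, CBC mode, PKCS#7 padding, message format and the "capture" below are all constructed assumptions for the illustration; the article discloses none of SNUGRIDE's actual values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed key and IV for this example. The article only says SNUGRIDE
// uses AES with a static key; the real key, IV, mode and message format are
// not disclosed, so everything below is an assumption for illustration.
var (
	StaticKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	StaticIV  = []byte("fedcba9876543210")                 // 16 bytes: one AES block
)

func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || n > len(b) {
		return nil, errors.New("bad padding length")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding bytes")
		}
	}
	return b[:len(b)-n], nil
}

// EncryptC2Body models the implant side: AES-CBC, PKCS#7, static key and IV.
func EncryptC2Body(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, errors.New("iv must be one block long")
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// DecryptC2Body is the analyst-side decoder for one captured HTTP body.
// Length is checked first because CryptBlocks panics on a partial block.
func DecryptC2Body(key, iv, body []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, errors.New("iv must be one block long")
	}
	if len(body) == 0 || len(body)%block.BlockSize() != 0 {
		return nil, errors.New("body length is not a multiple of the block size")
	}
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	return pkcs7Unpad(out, block.BlockSize())
}

// DecodeCapture decrypts every hex-encoded body in a capture with the key
// recovered from one sample; bodies that fail to decode are returned as errors.
func DecodeCapture(key, iv []byte, hexBodies []string) ([]string, []error) {
	var msgs []string
	var errs []error
	for _, h := range hexBodies {
		raw, err := hex.DecodeString(h)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		pt, err := DecryptC2Body(key, iv, raw)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		msgs = append(msgs, string(pt))
	}
	return msgs, errs
}

func main() {
	// Constructed "capture": two beacons produced by the implant-side function,
	// plus one truncated body as seen in a partial packet capture.
	beacons := []string{"id=WS01;user=jdoe;cmd=ping", "id=WS01;result=ok"}
	var capture []string
	for _, b := range beacons {
		ct, _ := EncryptC2Body(StaticKey, StaticIV, []byte(b))
		capture = append(capture, hex.EncodeToString(ct))
	}
	capture = append(capture, "deadbeef")
	msgs, errs := DecodeCapture(StaticKey, StaticIV, capture)
	for _, m := range msgs {
		fmt.Println("decrypted:", m)
	}
	for _, e := range errs {
		fmt.Println("skipped:", e)
	}
}
```

The decoder rejects bodies whose length is not block-aligned before touching the cipher and validates the padding afterwards, so a wrong key or a damaged capture surfaces as an error rather than as silent garbage; in practice the first step is still extracting the key from the sample, which is only possible because the implant never rotates it.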
QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past.