According to a report by the Positive Technologies research team, government organizations in many countries have come under online attack over the last three years. The company's security researchers claim that a Chinese hacking group, known as Calypso APT (Advanced Persistent Threat), is behind the attacks.
Experts have found that these hackers have been particularly active in the last three years (since 2016) and have attacked government agencies of India, Brazil, Russia, Turkey, Thailand and Kazakhstan.
The hackers first compromised the perimeter of the organizations' systems and then used special tools and malware to gain access to the internal network. Once they got into the network, the hackers spread to all systems. They did this in two ways: by using stolen credentials and by exploiting vulnerabilities that allow remote code execution.
With this simple method, the hacking group compromised the systems of government agencies in the above countries. According to researchers at Positive Technologies, the success of the Calypso APT attacks is related to the use of widely available public tools:
"These attacks were largely successful because the team was spreading across the network, using tools widely used by network management specialists."
The hackers used public tools and exploits such as SysInternals, Mimikatz, EternalBlue and EternalRomance.
Positive Technologies researchers are not sure about the nationality of the Calypso APT hackers. But they believe the group is related to China because it uses the PlugX malware, which is especially popular with Chinese hacking groups, as is the Byeby trojan. In addition, they were able to discover some IP addresses and found that they were connected to Chinese providers.
For those interested, more details on the Calypso APT attacks are available in the Calypso APT report.