According to the British security company Positive Technologies, government agencies in India, Brazil, Kazakhstan, Russia, Thailand and Turkey have suffered damage to their systems as a result of these attacks.
As Engadget reported on Monday, the hacking team, also known as Calypso APT, has been attacking since 2016.
Research conducted by Positive Technologies revealed that the team attacks the perimeter of a network and places a specially designed program there that gives it access to the victim's network. The hackers then move through the network either by exploiting a Remote Code Execution vulnerability (MS17-010) or by using stolen credentials.
According to security researchers, organizations can avoid such attacks by using special programs that perform in-depth analysis of the data flow in their network. Such programs detect suspicious activity in the early stages, when an intruder tries to gain access to the LAN, thereby preventing a possible attack on the company's infrastructure.
An additional way of protecting against such attacks is to monitor security incidents in conjunction with perimeter and web application protection.
The team used PlugX malware as well as the Byeby trojan in some of their attacks.
In some of their attacks, however, the hackers mistakenly revealed their actual IP addresses, so they were discovered to be from China.
As Positive Technologies said: “The team has had many successful attacks on its assets, but it still makes mistakes that allow us to guess where it came from. We are closely monitoring Calypso's activities and expect to be attacked again.”