Chinese hackers are behind a large-scale hacking campaign targeting Japanese organizations.
The attackers are believed to belong to APT10 (also known as Cicada, Stone Panda and Cloud Hopper), a group that has been running espionage campaigns for ten years. The group has targeted managed service providers (MSPs) and many organizations affiliated with Japan.
In its recent campaign, APT10 uses a combination of living-off-the-land tools and malware, including Backdoor.Hartip, a new addition to its toolset.
According to security researchers, the Chinese hackers compromised domain controllers and file servers and stole data from the infected systems.
One of the main features of this campaign was its extensive use of DLL side-loading.
The attacks most likely started in mid-October 2019 and continued at least until early October 2020. In some cases, the Chinese hackers managed to stay inside the breached network for at least a year.
According to the researchers, the victims were mainly large, well-known organizations, many of them based in or affiliated with Japan. In general, the attacks focused on South and East Asia. One of the victims was a Chinese subsidiary of a Japanese organization.
The victims belonged to the following sectors: the automotive industry (including suppliers of spare parts for cars), clothing, government services, general trade, industrial products, MSPs, pharmaceuticals and professional services, among others.
The hackers used living-off-the-land, dual-use and other publicly available tools for network scanning, credential theft and other tasks.
The scale and complexity of this campaign indicate that it is the work of a large, state-backed group. Symantec researchers have found enough evidence to say with relative certainty that the team behind the attacks is the Chinese APT10.
This week another report was released, this one from KELA, which says that data belonging to Japanese companies and to government and educational organizations has been found on the Dark Web. The exposed data includes stolen credentials that provide access to internal networks.
Source: Security Week