Friday, November 20, 13:20

Chinese hackers target Japanese organizations

Chinese hackers are behind a large-scale hacking campaign targeting Japanese organizations.

The hackers are said to belong to APT10 (also known as Cicada, Stone Panda and Cloud Hopper). This team has been carrying out espionage campaigns for ten years. The hackers have targeted managed service providers (MSPs) and many organizations affiliated with Japan.


As part of its recent campaign, APT10 uses a combination of living-off-the-land tools and malware, such as Backdoor.Hartip (a new addition).

According to security researchers, the Chinese hackers compromised domain controllers and file servers and stole data from the infected systems.

One of the main features of this hacking campaign was its extensive use of DLL side-loading.

The attacks most likely started in mid-October 2019 and continued at least until early October 2020. In some cases, the Chinese hackers managed to stay inside the breached network for at least a year.

According to researchers, the victims were mainly large, well-known organizations, many of which are based in or affiliated with Japan. In general, the attacks focused on South and East Asia. One of the victims was a Chinese subsidiary of a Japanese organization.

The victims belonged to the following sectors: automotive industry (including suppliers of spare parts for cars), clothing, government services, general trade, industrial products, MSPs, pharmaceutical and professional services etc.

The Chinese hackers used living-off-the-land, dual-use and other publicly available tools for network scanning, credential theft, etc.

The extent and complexity of this campaign show that it is the work of a large state group. Symantec researchers have found enough evidence to say with relative certainty that the team behind the attacks is the Chinese APT10.

This week, another report was released, from KELA, which says that data belonging to Japanese companies (government and educational) has been found on the Dark Web. The exposed data includes stolen credentials that provide access to internal networks.

Between June and October 2020, KELA observed 11 attacks against Japanese organizations (mainly ransomware).

Source: Security Week


Digital Fortress
