Connect with us

Hi, what are you looking for?

HEADLINES

Nearly half of advanced targeted attacks in Q3 came from Chinese-speaking cybercriminals

The third quarter of 2017 clearly demonstrated that Chinese-speaking actors have not “disappeared” and are still very much active, conducting cyber-espionage campaigns against a wide range of countries and industry verticals. 

In total, 10 of the 24 research projects on advanced targeted attacks conducted by Kaspersky Lab in Q3 centered around activities attributed to multiple actors in the Chinese region. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

Research conducted during the period of July-September 2017 revealed a number of developments in the area of targeted attacks by, among others, Chinese-, Russian-, English-, and Korean-speaking threat actors.

Chinese criminals in particular were specifically active during this period. Their revitalization has affected not only various organizations, but also government and political bodies as well as huge regional agreements – bringing international relations into the business of advanced targeted attacks.

Advertisement. Scroll to continue reading.

Kaspersky Lab’s report also notes a rise of cyber-espionage attacks by Chinese-speaking actors. The most interesting of the attacks were Netsarang/ShadowPad and CCleaner – both of which involved embedding specific backdoors inside the installation packages of legitimate software. CCleaner alone managed to infect 2 million computers, making it one of the biggest attacks of 2017.

The report also reveals growing Chinese-speaking actors’ interest in attacks on strategic facilities and economy sectors. At least two separate reports provide clear cases in point:

  1. IronHusky attack on Russian and Mongolian aviation companies and research institutes. This campaign was discovered in July, when the two countries were targeted with a Poison Ivy variant from a Chinese-speaking threat actor. The attack was connected to Mongolian air defense prospects, which were a key subject of negotiations held with Russia earlier in the year.
  1. H2ODecomposition attack on the energy sectors of India and Russia. Both countries’ energy sectors were targeted with a new piece of malware referred to as “H2ODecomposition”. In some cases, this malware was masquerading as a popular Indian antivirus solution (QuickHeal).

Furthermore, in Q3 2017 Kaspersky Lab experts issued several reports on Russian-speaking actors. Most of them were dedicated to financial and ATM attacks, however, one report examined Sofacy’s summertime activity, indicating that the group remained active.

Speaking of English-speaking actors, the third quarter also produced yet another member of the Lamberts: Red Lambert. The Lamberts is a family of sophisticated attack tools that has been used by either one or multiple threat actors against high-profile victims since at least 2008.

The Red Lambert is a network-driven backdoor, discovered during the previous analysis of Grey Lambert and utilized instead of hard-coded SSL certificates in command and control communications.

“The targeted threat landscape is evolving constantly, not only in terms of cybercriminals’ being increasingly well-prepared and technologically sophisticated, but also in terms of geography. The rise of Chinese-speaking actors once again demonstrates the importance of investing in threat intelligence and arming organizations with insight on the latest trends and developments,” said Brian Bartholomew, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Sophos X-Ops first reported on what they named Operation Crimson Palace in June and detailed Sophos X-Ops' discovery of three separate clusters of Chinese...

HEADLINES

“Smart assures our customers that we are continuously enhancing our network infrastructure to reject fraudulent SIM registration as we intensify our efforts against mobile...

HEADLINES

To improve their cybersecurity efficiency, businesses are looking for all-encompassing solutions that enable full visibility of what’s happening in company’s IT infrastructure, leveraging a...

HEADLINES

Smart had earlier reported a marked decline in SMShing, or phishing over SMS, after it activated its new and more advanced network firewall.

HEADLINES

In the Philippines, when a data breach occurs, companies have up to 72 hours to notify affected individuals. During this period, malicious actors may...

White Papers

An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, the 2024 Global Cybersecurity Skills Gap...

White Papers

In the report, Sophos X-Ops shares posts found on the dark web that show how ransomware gangs refer to their targets as “irresponsible and...

HEADLINES

Kaspersky emphasises potential offensive applications of AI by cybercriminals and the need for developing proactive cybersecurity defences.

Advertisement