Chinese hackers are using backdoors to gain unrestricted access to companies and governments — and it’s not about the money
- A new advanced persistent threat (APT) attack was discovered targeting companies and government institutions in
Central Asiaby digital security firms Avast and ESET.
- It planted backdoors within the network to manipulate and delete files, take screenshots and execute console commands.
- Unlike other malware, APT attacks aren’t motivated by money but by “politics and ideals,” Luigion Camastra, a malware researcher with Avast told Business Insider.
- The best offence against these kinds of attacks is a good defence.
Unlike other attacks, where hackers are known to follow the money, APT attacks have a whole other agenda. “APT groups are typically state-sponsored and motivated by politics and ideals, rather than money,” Luigino Camastra, a malware researcher with Avast told Business Insider.
Based on their analysis, the companies’ believe that the group behind the latest attack on Central Asia is from China based on the remote access tools (RATs) used. And, this isn’t their first time around the block.
“Further analysis leads us to believe the same group behind this attack, was also responsible for attacks against the Belarusian government and Russian military in late 2017,” said Camastra.
These hackers don’t want anyone to know they had access to the system in the first place
Unlike ransomware, which has recently made headlines for compromising for many a network — including IT services company Cognizant and law firm Grubman Shire Meiselas & Sacks, which manages the accounts of global A-list celebrities — APT actors want to stay unnoticed and inside networks for as long as possible.
They have no intention of downloading the information for blackmail. Instead, they want to stay inside the system for as long as possible to manipulate and delete files, take screenshots, alter processes and services, and execute console commands.
“For now, we don’t have any proof or indication of what exactly was manipulated or deleted during the
In order for the attack to be effective, they even remove themselves after the work is done so that nobody ever knows that they were in the system, to begin with. “Espionage, information, trade secrets – these are what fuel an APT group’s actions,” Camastra explained.
And they don’t want you to know what they’ve changed
As with other malware, the most common way that hackers are able to put in backdoors is by using phishing emails. However, the method can change depending on the attacker.
“Phishing emails can contain a malicious attachment or malicious link, especially at the initial stages of an attack. A malicious attachment may contain a backdoor or another malicious file,” said Camastra.
In order to avoid detection, the group used custom tools in addition to Gh0st remote access tool (RAT) and Management Instrumentation to move laterally within infiltrated networks. “This has led to a large number of samples, with binaries often protected by VMProtect, making analysis more difficult,” he said.
“For example, PoisonIvy, Korplug are also popular RATs that have been used by many APT groups,” he added.
There’s very little that companies can do about it
In the post COVID-19 world the best offence is a good defence. All you can really do is make sure that people are aware of the risks, and treat every link that passes through their email with healthy suspicion. For those working from home, make sure your applications are up-to-date to ensure that they have the latest security patches to catch any hacker trying to break through.
Lockdown 4.0 — India issues new guidelines allowing states to decide the red, green, and orange zones
Petrol and diesel get more expensive in Odisha as government hikes value-added tax
Video of an Uber ride is all the rage on TikTok and Instagram — the driver got himself a cockpit covered in plastic
Popular on BI
- Best weighing machine under ₹500
- Dharmaj Crop Guard IPO subscribed 1.79 times on day 1
- As Sensex, Nifty50 hit record highs, this is what experts are advising investors
- FM concludes week-long consultation meetings for Budget 2023-24
- WhatsApp data of 500 million users might be on sale says Mashable India