Chinese hackers are using backdoors to gain unrestricted access to companies and governments — and it’s not about the money

An Avast cybersecurity analyst explains how a telecommunications company, a gas company, and a governmental institution in Central Asia were targeted in an advanced persistent threat (APT) attack.


  • A new advanced persistent threat (APT) attack was discovered targeting companies and government institutions in Central Asia by digital security firms Avast and ESET.
  • It planted backdoors within the network to manipulate and delete files, take screenshots and execute console commands.
  • Unlike other malware, APT attacks aren’t motivated by money but by “politics and ideals,” Luigino Camastra, a malware researcher with Avast, told Business Insider.
  • The best offence against these kinds of attacks is a good defence.
Digital security companies Avast and ESET found that an advanced persistent threat (APT) attack was targeting companies and government institutions in Central Asia — planting backdoors to ensure long-term access to corporate networks. The targets included a telecommunications company, a gas company, and a governmental institution in Central Asia.

Unlike other attacks, where hackers are known to follow the money, APT attacks have a whole other agenda. “APT groups are typically state-sponsored and motivated by politics and ideals, rather than money,” Luigino Camastra, a malware researcher with Avast, told Business Insider.

Based on their analysis, the companies believe that the group behind the latest attack on Central Asia is from China, judging by the remote access tools (RATs) used. And this isn’t the group’s first time around the block.

“Further analysis leads us to believe the same group behind this attack, was also responsible for attacks against the Belarusian government and Russian military in late 2017,” said Camastra.


These hackers don’t want anyone to know they had access to the system in the first place
Unlike ransomware, which has recently made headlines for compromising many networks — including IT services company Cognizant and law firm Grubman Shire Meiselas & Sacks, which manages the accounts of global A-list celebrities — APT actors want to stay unnoticed inside networks for as long as possible.


They have no intention of downloading the information for blackmail. Instead, they want to stay inside the system for as long as possible to manipulate and delete files, take screenshots, alter processes and services, and execute console commands.

“For now, we don’t have any proof or indication of what exactly was manipulated or deleted during the APT attack. However, the backdoor has a set of commands specifically targeting files with the .tu and .tut file extensions; we don’t know exactly what the content of these files was,” said Camastra.

For the attack to be effective, the attackers even remove themselves after the work is done, so that nobody ever knows they were in the system to begin with. “Espionage, information, trade secrets – these are what fuel an APT group’s actions,” Camastra explained.

And they don’t want you to know what they’ve changed
As with other malware, the most common way hackers are able to plant backdoors is through phishing emails. However, the method can change depending on the attacker.

“Phishing emails can contain a malicious attachment or malicious link, especially at the initial stages of an attack. A malicious attachment may contain a backdoor or another malicious file,” said Camastra.

To avoid detection, the group used custom tools in addition to the Gh0st remote access tool (RAT) and Windows Management Instrumentation (WMI) to move laterally within infiltrated networks. “This has led to a large number of samples, with binaries often protected by VMProtect, making analysis more difficult,” he said.

“For example, PoisonIvy, Korplug are also popular RATs that have been used by many APT groups,” he added.

There’s very little that companies can do about it
Malware attacks are only becoming more common as people work from home and hackers are taking advantage of the unaware. “Effectively protecting organizations against the APT attacks has been proven to be very difficult as there are millions of malware variations,” explained Camastra.

In the post-COVID-19 world, the best offence is a good defence. All you can really do is make sure that people are aware of the risks and treat every link that passes through their email with healthy suspicion. For those working from home, make sure your applications are up to date so that they have the latest security patches against any hacker trying to break through.