These Sneaky Hackers Hid Inside Their Victims' Networks for Nine Months

by Fnord666 from SoylentNews on (#5XYXE)

upstart writes:

These sneaky hackers hid inside their victims' networks for nine months:

Detailed by cybersecurity researchers at Symantec, the campaign is the work of a group they call Cicada - also known as APT10 - a state-sponsored offensive hacking group which western intelligence agencies have linked to the Chinese Ministry of State Security. In some cases, the attackers spent as long as nine months inside the networks of victims.

[...] In several of the detected campaigns, evidence of initial activity on compromised networks has been seen on Microsoft Exchange Servers, suggesting the possibility that the intrusions started with attackers exploiting unpatched vulnerabilities in Microsoft Exchange which came to light in early 2021.

Once the attackers gain initial access, they use a variety of tools including Sodamaster, fileless malware which provides a backdoor onto machines, as well as a custom loader for dropping additional payloads. Both forms of malware have been used in previous campaigns by APT10.

The malware is capable of evading detection and it also obfuscates and encrypts any information which is sent back to command and control servers operated by the attackers. In addition to custom tools, the campaigns also use publicly available tools to scan systems and execute commands.

The victims being targeted, along with the tools being deployed and the earlier history of the suspected culprit behind the attacks, have led researchers to conclude that the most likely goal of the campaign is information theft and intelligence gathering.
