How cyber espionage works: Bitdefender analyzes APT attack on Southeast Asian authorities. Bitdefender's security researchers have taken a closer look at a complex and targeted chain of attacks by organized APT hackers.
They were able to trace a cycle of cyber espionage in detail. Specifically, it concerns attacks on government organizations in Southeast Asia, which have presumably been carried out since 2018. The perpetrators allegedly wanted to divert information about national security interests as well as other sensitive data and engage in industrial espionage. In a whitepaper, the Bitdefender specialists present an in-depth analysis of the techniques used and their interaction as well as a chronological breakdown of the attack chain.
200 systems affected in the last two years
The first indications of activities can be dated to November 2018. The main phase began in early 2019. In the first five months of the year, around 200 systems showed symptoms of the attack. Apparently the infrastructure built for this is currently not active, even if a few elements are still in operation.
Long-term infiltration for espionage purposes
A comprehensive arsenal of droppers and tools such as the backdoors Chinoxy, PCShare RAT and FunnyDream was used. Certain forensic artifacts point to highly specialized Chinese authors, for example Remote Access Trojans (RAT) or other resources used whose origin is attributed to the People's Republic. Obviously, the authors are compromising domain controllers in the victims' network. The APT experts achieved their long-term presence in the networks through digitally signed binary files. These offered a gap in order to load a backdoor into the memory via a sideload. In the next step, they could move around the network and gain long-term control over a large number of machines in the company's IT infrastructure. They monitored the activities of the attacked organizations and the information extracted.
Whitepaper is ready
The Bitdefender threat analysts' report on cyber espionage with the attack on government organizations in Southeast Asia is available as a whitepaper for free download here.
Directly to the whitepaper as PDF Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de