Chinese hacker group is now targeting FireEye



Raising an alarm for IT (information technology) service providers and manufacturing companies in India, US-based cyber security firm FireEye has claimed that a new set of tools is being used by the China-based cyber espionage group APT10 to steal confidential business data from domestic firms in support of Chinese corporations.

FireEye has been tracking APT10 since 2009; the group has historically targeted construction, engineering, aerospace and telecom firms, as well as governments, in the US, Europe and Japan.

"IT services have been a core engine of India's economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations," said Kaushal Dalal, managing director, FireEye.

APT10 activity has included both traditional spear phishing and access to victims' networks through their service providers.

Service providers have significant access to customer networks, enabling an attacker who has compromised a service provider to move laterally into the network of that provider's customer.

"Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations," said FireEye in an earlier blog post.

In addition, web traffic between a service provider's customer and the service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

"HAYMAKER" and "SNUGRIDE" have been used as first-stage backdoors, while "BUGJUICE" and a customised version of the open source "QUASARRAT" have been used as second-stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.

HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, is executed by launching a benign file and then hijacking the DLL search order so that a malicious DLL is loaded into it.

That malicious DLL then loads encrypted shellcode from the binary; the shellcode is decrypted and runs the final BUGJUICE payload.
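As an added example (not FireEye's code, and not from the original post), a small detection check over constructed image-load records in the shape of Sysmon Event ID 7 (Image, ImageLoaded and Signed are the real field names), flagging a DLL whose legitimate copy lives only in a system directory but was loaded from somewhere else, which is the search-order hijacking pattern described above. The baseline set of system DLL names is an assumption; a real deployment would build it from a known-good image.

```python
"""Flag image-load events that look like DLL search-order hijacking.

Added example, not FireEye's code. A benign executable ends up running a
malicious DLL because the loader finds the attacker's copy before the
legitimate one, so a defender can look for a system DLL name being loaded
from a non-system path.
"""
import ntpath

# Assumed baseline: DLL names that legitimately live only in the system
# directories. In practice, derive this from a known-good image.
SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "cryptsp.dll", "uxtheme.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def _in_system_dir(path):
    """True if the file sits directly in, or below, a system directory."""
    d = ntpath.dirname(path).lower()
    return any(d == s or d.startswith(s + "\\") for s in SYSTEM_DIRS)


def is_search_order_hijack(event, system_dlls=SYSTEM_DLLS):
    """True if a known system DLL name was loaded from a non-system path."""
    loaded = event["ImageLoaded"]
    if ntpath.basename(loaded).lower() not in system_dlls:
        return False
    return not _in_system_dir(loaded)


def find_hijacks(events):
    """Return (process image, loaded DLL) pairs matching the heuristic."""
    return [(e["Image"], e["ImageLoaded"])
            for e in events if is_search_order_hijack(e)]


# Constructed sample events in the shape of Sysmon Event ID 7 records.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\version.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorhelper.dll",
     "Signed": "true"},
]

if __name__ == "__main__":
    for image, dll in find_hijacks(SAMPLE_EVENTS):
        print(f"possible search-order hijack: {image} loaded {dll}")
```

The heuristic flags only the second sample (version.dll loaded from a user's Temp directory); a vendor's own helper DLL beside its executable is not flagged because it is not a system DLL name.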

BUGJUICE defaults to TCP with a custom binary protocol to communicate with its C2 server, but can also use HTTP and HTTPS if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.


SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.


The malware's capabilities include taking a system survey, accessing the file system, executing commands and providing a reverse shell. Persistence is maintained through a Run registry key, the post added.


QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past.
