Chinese hacking group credited with attacks on MSP, retailer and law firm
Six weeks after the U.S. Department of Justice indicted two Chinese nationals over their role in the hacking group APT10, security researchers have detailed a campaign from the group that targeted systems in the U.S. and Norway.
Detailed today in a report written by researchers at Recorded Future Inc. and Rapid7 Inc., the APT10 “sustained campaign” ran between November 2017 and September 2018.
The campaign targeted Norwegian managed services provider Visma Software AS as well as an international apparel company and an American law firm that specializes in intellectual property law. The unnamed IP law firm is said to have clients in the pharmaceutical, tech, biomedical and automotive industries.
In all three cases, the attackers gained initial access to the victims' networks through Citrix and LogMeIn remote-access deployments, logging in with stolen but valid user credentials. Once inside, the hackers elevated their privileges and then used "DLL sideloading" techniques (abusing a legitimate, signed executable's DLL search order to load malicious code) to deliver their malware.
The malware used is described as a newly discovered version of the Trochilus remote-access trojan. Trochilus, first detected in 2015, was described at the time as designed for use in cyberespionage operations.
Just how many people and companies were affected by the APT10 hacks is not known. Visma is a billion-dollar Norwegian software company that claims 850,000 customers around the world, so any of those customers could have been the ultimate target.
“We believe APT10 is the most significant Chinese state-sponsored cyber threat to global corporations known to date,” the researchers wrote. “On top of the breadth, volume, and targets of attacks that APT10 has conducted since at least 2016, we now know that these operations are being run by the Chinese intelligence agency, the Ministry of State Security.”
The state-sponsored angle is notable because these attacks are not designed to raise money through extortion but to steal intellectual property. Previous attacks by the group have covered a diverse array of commercial activity, industries and technologies as well as government agencies, including the National Aeronautics and Space Administration.
Image: Recorded Future