
Carding.pw carding forum

Five Chinese APTs have been quietly attacking Linux, Windows, and Android devices for ten years

Daniel

The groups carry out cross-platform attacks on companies' internal servers.


BlackBerry experts reported a massive malware campaign in which five Chinese cybercriminal groups compromised organizations from various industries in an attempt to steal intellectual property and other sensitive business data.

The groups have successfully attacked companies in several critical industries through cross-platform attacks on internal servers holding sensitive data. The attackers focused on enterprise Linux servers, as many of these systems are usually not as well protected as other key infrastructure.

Of the five groups, four were already known to specialists: Bronze Union (Emissary Panda, APT27), PassCV, Casper (Lead) and WINNTI. The fifth is relatively new and is called WLNXSPLINTER. The groups identified by the experts are presumably made up of civilian contractors who work in the interests of the Chinese government and are willing to exchange tools, methods, infrastructure, and stolen information among themselves and with their government counterparts. Although the groups pursued different goals and focused on a wide range of tasks, there was a significant degree of coordination between them during attacks on Linux platforms.

Specialists have discovered a whole range of Linux kernel-level malware in use by the Chinese APTs. The malicious programs include backdoors, remote access trojans, and implants for a wide range of malicious activities. One of the groups is associated with a huge DoS bot, first discovered in 2014 during attacks in Asia.

The groups target Red Hat Enterprise, CentOS, and Ubuntu Linux systems in organizations in almost every geographic region and in almost all industries, including government, defense, military, technology, telecommunications, pharmaceuticals, manufacturing, and gaming. The attackers use compromised Linux servers as a bridgehead while remaining undetected.

In addition to distributing malware for Linux, all five groups also targeted internal Windows systems and Android devices. The study also revealed two new malware samples for Android. One of them is very similar to the code of a commercial penetration testing tool; however, the malware was created almost two years before the tool went on sale.
 