Original URL: http://www.theregister.co.uk/2015/08/05/terracotta_vpn_rsa_research/
Terracotta: The Chinese VPN that hides Beijing's hackers with pwned biz
The company, which RSA codenamed 'Terracotta VPN', claims to have 1500 mostly-Windows nodes from 300 organisations distributed across China, the US, and South Korea.
Of those, 1095 are found in China, 572 in the US, two in Britain, and one in Australia.
Lead RSA researcher Kent Backman, together with Alex Cox, Steven Sipes, Ahmed Sonbol, and others from the incident response and labs teams, published the findings in the paper Terracotta VPN: Enabler of Advanced Threat Anonymity [PDF], to be presented at the BlackHat conference in Las Vegas this week.
Advanced attack groups including Deep Panda have used the illicit infrastructure. Hacked organisations powering the network include an unnamed Fortune 500 hotel chain, US Federal Government contractors, a US county Government, universities in Taiwan and Singapore, and scores of small businesses.
"This report by RSA Research may represent the first exposure of a PRC-based VPN operation that maliciously, efficiently and rapidly enlists vulnerable servers around the world," the researchers wrote.
"It is the first time RSA Research has seen DeepPanda and other similar APT (advanced persistent threat) actors using such networks for anonymisation and obfuscation."
The team posits that Terracotta would save significant cash hosting servers on the internet rather than juggling some 300 international transactions a month.
None of the hacked businesses used hardware firewalls to protect internet-facing servers.
(Score: 2) by Farkus888 on Monday August 10 2015, @03:01PM
This isn't insecurity by mandate; this is insecurity by stupidity. None of the organizations have hardware firewalls. They could have done better even in a worst-case scenario of mandated back doors.