
posted by Fnord666 on Friday April 08 2022, @03:47AM

These sneaky hackers hid inside their victims' networks for nine months:

Detailed by cybersecurity researchers at Symantec, the campaign is the work of a group they call Cicada - also known as APT10 - a state-sponsored offensive hacking group which western intelligence agencies have linked to the Chinese Ministry of State Security. In some cases, the attackers spent as long as nine months inside the networks of victims.

[...] In several of the detected campaigns, evidence of initial activity on compromised networks has been seen on Microsoft Exchange Servers, suggesting the possibility that the intrusions started with attackers exploiting unpatched vulnerabilities in Microsoft Exchange which came to light in early 2021.

Once the attackers gain initial access, they use a variety of tools including Sodamaster, fileless malware which provides a backdoor onto machines, as well as a custom loader for dropping additional payloads. Both forms of malware have been used in previous campaigns by APT10.

The malware is capable of evading detection and it also obfuscates and encrypts any information which is sent back to command and control servers operated by the attackers. In addition to custom tools, the campaigns also use publicly available tools to scan systems and execute commands.

The victims being targeted, along with the tools being deployed and the earlier history of the suspected culprit behind the attacks, have led researchers to conclude that the most likely goal of the campaign is information theft and intelligence gathering.

  • (Score: -1, Troll) by Anonymous Coward on Friday April 08 2022, @04:28AM (3 children)

    by Anonymous Coward on Friday April 08 2022, @04:28AM (#1235606)

    It's Gotta Be aristarchus!!! Pure, undistilled, evil! He has totally hacked SoylentNews, has enough data to dox everyone, since SN has recorded hashes since day one.

  • (Score: 5, Interesting) by RS3 on Friday April 08 2022, @04:49AM

    by RS3 (6367) on Friday April 08 2022, @04:49AM (#1235610)

    These stories remind me of using honeypot servers, and loading them with disinformation. Also if possible, reverse-engineer the malware and set up computers to mimic the malware's data stream, and again, load the attackers with believable nonsense.

    Frustratingly these kinds of articles rarely give actual useful information or details to let us know how to detect the malware, and then how to get rid of it. They mention patching - doesn't everyone do that? And they mention 2FA.

  • (Score: 5, Insightful) by MIRV888 on Friday April 08 2022, @08:38AM (3 children)

    by MIRV888 (11376) on Friday April 08 2022, @08:38AM (#1235627)

    If you scrutinize China's most modern military equipment, it's almost a direct rip-off of all our hardware. We continue to underestimate China at our peril.

    • (Score: 3, Interesting) by RS3 on Friday April 08 2022, @02:37PM

      by RS3 (6367) on Friday April 08 2022, @02:37PM (#1235647)

      I agree, except for the word "we". In the 90s I worked for a medical equipment (EEG) company. There was a Chinese man working there. I don't know the situation, but it was a fairly small company and maybe the owner felt benevolent toward someone from China? I really don't know. All I know is the guy did software development, was deeply involved in core proprietary diagnostic / analysis algorithm development, etc. In other words, all the deep secrets. He was pretty quiet, not friendly, almost like he carried some kind of angst. But I'll never forget him saying one day "we [China] will conquer you and take over the world". And he meant it.

      A few years before that there was a major national news scandal involving a Chinese national who was working in one of the US govt. labs - maybe Lawrence Livermore, or Sandia, or similar - I forget. Anyway, this guy was deeply involved and had access to all kinds of secret and top secret information, including military applicable information, and it turned out (duh!) he was sending all kinds of stuff back to China. I would love to think (hope!) they were feeding him misinformation, but we'll probably never know.

    • (Score: 0) by Anonymous Coward on Friday April 08 2022, @08:20PM (1 child)

      by Anonymous Coward on Friday April 08 2022, @08:20PM (#1235716)

      It's even more nefarious. Not only are they stealing the good stuff, they're poisoning the sciences with barf-loads of articles that only cite other Chinese barf. In case you didn't know, citation counts are pretty much the only metric for quality in research. The end stage (which is where we are) is entire US departments full of shitty Chinese professors bringing their enlightened authoritarian teaching methodology and taking us back to the 19th Century.

      • (Score: 0) by Anonymous Coward on Saturday April 09 2022, @03:40PM

        by Anonymous Coward on Saturday April 09 2022, @03:40PM (#1235842)

        Yeah, but smug arrogant authoritarianism is dope, all the rage, you dig?
