These sneaky hackers hid inside their victims' networks for nine months:
Detailed by cybersecurity researchers at Symantec, the campaign is the work of a group they call Cicada (also known as APT10), a state-sponsored hacking group that Western intelligence agencies have linked to China's Ministry of State Security. In some cases, the attackers spent as long as nine months inside victims' networks.
[...] In several of the detected campaigns, evidence of initial activity on compromised networks has been seen on Microsoft Exchange servers, suggesting that the intrusions started with attackers exploiting unpatched vulnerabilities in Microsoft Exchange that came to light in early 2021.
Once the attackers gain initial access, they use a variety of tools, including Sodamaster, a fileless backdoor, as well as a custom loader for dropping additional payloads. Both have been used in previous APT10 campaigns.
The malware is built to evade detection, and it obfuscates and encrypts the information it sends back to the attackers' command and control servers. Alongside the custom tools, the campaigns also use publicly available tools to scan systems and execute commands.
The targeted victims, the tools deployed and the earlier history of the suspected culprit have led researchers to conclude that the most likely goal of the campaign is information theft and intelligence gathering.
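The summary above gives two concrete hooks a defender can act on: initial activity on Exchange servers, and a long dwell time. The following is an added example, not code from Symantec or from the Cicada report, that runs two generic checks over constructed Sysmon-style process-creation log lines: an Exchange IIS/UM worker process (`w3wp.exe`, `UMWorkerProcess.exe`) spawning a command shell, and PowerShell launched with an encoded command. It then measures the span between the first and last hit per host as a floor on dwell time. The log format, hostnames, timestamps and command lines are all made up for the example; real Exchange post-exploitation activity is not limited to these patterns.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed Sysmon-style ProcessCreate events, made up for this example
# (not telemetry from the Symantec/Cicada report).
SAMPLE_EVENTS = [
    '2021-03-02T10:14:05Z host=exch01 event=ProcessCreate image=C:\\Windows\\System32\\inetsrv\\w3wp.exe parent=C:\\Windows\\System32\\svchost.exe cmd="w3wp.exe -ap MSExchangeOWAAppPool"',
    '2021-03-02T10:16:41Z host=exch01 event=ProcessCreate image=C:\\Windows\\System32\\cmd.exe parent=C:\\Windows\\System32\\inetsrv\\w3wp.exe cmd="cmd.exe /c whoami"',
    '2021-03-02T10:17:02Z host=exch01 event=ProcessCreate image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Windows\\System32\\cmd.exe cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A"',
    '2021-06-15T08:02:13Z host=ws042 event=ProcessCreate image=C:\\Windows\\System32\\cmd.exe parent=C:\\Windows\\explorer.exe cmd="cmd.exe /c dir"',
    '2021-12-01T23:41:55Z host=exch01 event=ProcessCreate image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Windows\\System32\\inetsrv\\w3wp.exe cmd="powershell.exe -EncodedCommand SQBFAFgAIAAoAE4A"',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand; this covers the
# common spellings, not every prefix abbreviation PowerShell allows.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s")

EXCHANGE_WORKERS = {"w3wp.exe", "umworkerprocess.exe"}  # Exchange IIS / Unified Messaging workers
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split '<timestamp> k=v k="v with spaces"' into a dict (backslashes kept)."""
    ts, rest = line.split(" ", 1)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = ts
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event: Dict[str, str]) -> List[str]:
    """Names of the rules an event matches; an empty list means no hit."""
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent", ""))
    hits = []
    if parent in EXCHANGE_WORKERS and image in SHELLS:
        hits.append("exchange_worker_spawned_shell")
    if image in {"powershell.exe", "pwsh.exe"} and ENCODED_RE.search(event.get("cmd", "")):
        hits.append("encoded_powershell")
    return hits


def find_suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """Run both rules over the log lines and return one finding per matching event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") != "ProcessCreate":
            continue
        rules = evaluate(ev)
        if rules:
            findings.append({"ts": ev["ts"], "host": ev.get("host", "?"),
                             "image": basename(ev.get("image", "")), "rules": rules})
    return findings


def dwell_days(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Days between the first and last suspicious event per host (a floor on dwell time)."""
    first: Dict[str, datetime] = {}
    last: Dict[str, datetime] = {}
    for f in findings:
        host = str(f["host"])
        t = datetime.strptime(str(f["ts"]), "%Y-%m-%dT%H:%M:%SZ")
        first[host] = min(first.get(host, t), t)
        last[host] = max(last.get(host, t), t)
    return {h: (last[h] - first[h]).days for h in first}


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_EVENTS)
    for h in hits:
        print(h["ts"], h["host"], h["image"], ",".join(h["rules"]))
    for host, days in dwell_days(hits).items():
        print(f"{host}: suspicious activity spans {days} days")
```

On the constructed input the benign worker-process start and the workstation `dir` are ignored, the three Exchange-originated shells are flagged, and the dwell estimate for `exch01` comes out at 274 days, which is the kind of number that should prompt a look at how long the host has been compromised rather than just cleaning the shell. Both rules are starting points: a fileless backdoor injected into an existing process will not show up as a new process at all, and encrypted C2 traffic has to be hunted on the network side, for instance by baselining which hosts talk to which external destinations and how regularly.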
(Score: 0) by Anonymous Coward on Friday April 08, @04:28AM
(Score: 2) by RS3 on Friday April 08, @04:49AM
These stories remind me of using honeypot servers, and loading them with disinformation. Also if possible, reverse-engineer the malware and set up computers to mimic the malware's data stream, and again, load the attackers with believable nonsense.
Frustratingly, these kinds of articles rarely give actual useful information or details to let us know how to detect the malware, and then how to get rid of it. They mention patching; doesn't everyone do that? And they mention 2FA.