Chinese cybercriminal syndicate redoubles espionage efforts



The US cybersecurity agency FireEye has detected a surge in on-line espionage carried out by the Chinese language hacking group APT41.

The spike in exercise from APT41 started on the finish of January and lasted until mid-March throughout which era the group focused 75 organizations from numerous totally different industries together with telecommunications, healthcare, authorities, protection, finance, petrochemical, manufacturing and transportation. The group additionally focused nonprofit, authorized, actual property, journey, training and media organizations.

Of their report on APT41’s recent activities, FireEye researchers Christopher Glyer, Dan Perez, Sarah Jones and Steve Miller explained that the group is likely responsible for launching one of the most widespread online espionage campaigns they’ve ever seen, saying:

“This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years. While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.”

Leveraging recently disclosed vulnerabilities

APT41 used known vulnerabilities in Citrix’s Application Delivery Controller (ADC), Cisco’s routers and Zoho’s ManageEngine Desktop Central to launch their attacks on targeted organizations.

The Citrix vulnerability was made public a month before the group’s campaign began while a zero-day remote code execution vulnerability in Zoho’s ManageEngine Desktop Central was discloses just three days before the group leveraged the security flaw. Although FireEye does not have a copy of the malware used against Cisco’s routers, the company believes that APT41 designed its own custom malware to launch attacks against them.

FireEye first gave a name to the Chinese hacking group last year but APT41 has been conducting state-sponsored espionage for some time now.

In a statement to CyberScoop, FireEye explained the that motive behind APT41’s latest campaign is unknown but there are multiple explanations as to why it launched cyberattacks on 75 organizations across a variety of industries, saying:

“Based on our current visibility it is hard to ascribe a motive or intent to the activity by APT41. There are multiple possible explanations for the increase in activity including the trade war between the United States and China as well as the COVID-19 pandemic driving China to want intelligence on a variety of subjects including trade, travel, communications, manufacturing, research and international relations.”

Via CyberScoop



Source link