UPDATED 21:27 EDT / FEBRUARY 06 2019

Chinese hacking group credited with attacks on MSP, retailer and law firm

Six weeks after the U.S. Department of Justice indicted two Chinese nationals over their role in the hacking group APT10, security researchers have detailed a campaign from the group that targeted systems in the U.S. and Norway.

Detailed today in a report written by researchers at Recorded Future Inc. and Rapid7 Inc., the APT10 “sustained campaign” ran between November 2017 and September 2018.

The campaign targeted Norwegian managed services provider Visma Software AS as well as an international apparel company and an American law firm that specializes in intellectual property law. The unnamed IP law firm is said to have clients in the pharmaceutical, tech, biomedical and automotive industries.

In all three cases, the attackers gained access to networks through deployments of Citrix and LogMeIn remote-access software using stolen valid user credentials. Once they got access, the hackers elevated their privileges before using “DLL sideloading” techniques to deliver malware.

The malware used is described as a newly discovered version of the Trochilus remote-access trojan. Trochilus, first detected in 2015, was described at the time as designed for use in cyberespionage operations.

Just how many people and companies were affected by the APT10 hacks is not known. Visma is a billion-dollar Norwegian software company that claims to have 850,000 customers around the world, meaning that any number of those customers could have been the target.

“We believe APT10 is the most significant Chinese state-sponsored cyber threat to global corporations known to date,” the researchers wrote. “On top of the breadth, volume, and targets of attacks that APT10 has conducted since at least 2016, we now know that these operations are being run by the Chinese intelligence agency, the Ministry of State Security.”

The state-sponsored angle is notable because these attacks are not designed to raise money through extortion but to steal intellectual property. Previous attacks by the group have covered a diverse array of commercial activity, industries and technologies as well as government agencies, including the National Aeronautics and Space Administration.

Image: Recorded Future
