+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Chinese hackers are using backdoors to gain unrestricted access to companies and governments — and it’s not about the money

May 18, 2020, 07:20 IST
Business Insider India
AVAST cybersecurity analyst explains how a telecommunications company, a gas company, and a governmental institution in Central Asia were targetted for an advanced persistent threat (APT) attackUnsplash

Advertisement

  • A new advanced persistent threat (APT) attack was discovered targeting companies and government institutions in Central Asia by digital security firms Avast and ESET.
  • It planted backdoors within the network to manipulate and delete files, take screenshots and execute console commands.
  • Unlike other malware, APT attacks aren’t motivated by money but by “politics and ideals,” Luigion Camastra, a malware researcher with Avast told Business Insider.
  • The best offence against these kinds of attacks is a good defence.
The digital security companies’, Avast and ESET, found that an advanced persistent threat (APT) attack was targeting companies and government institutions in Central Asia — planting backdoors to ensure that they had long-term access to corporate networks. This included a a telecommunications company, a gas company, and a governmental institution in Central Asia.

Unlike other attacks, where hackers are known to follow the money, APT attacks have a whole other agenda. “APT groups are typically state-sponsored and motivated by politics and ideals, rather than money,” Luigino Camastra, a malware researcher with Avast told Business Insider.

Based on their analysis, the companies’ believe that the group behind the latest attack on Central Asia is from China based on the remote access tools (RATs) used. And, this isn’t their first time around the block.

“Further analysis leads us to believe the same group behind this attack, was also responsible for attacks against the Belarusian government and Russian military in late 2017,” said Camastra.

Advertisement

These hackers don’t want anyone to know they had access to the system in the first place
Unlike ransomware, which has recently made headlines for compromising for many a network — including IT services company Cognizant and law firm Grubman Shire Meiselas & Sacks, which manages the accounts of global A-list celebrities — APT actors want to stay unnoticed and inside networks for as long as possible.


They have no intention of downloading the information for blackmail. Instead, they want to stay inside the system for as long as possible to manipulate and delete files, take screenshots, alter processes and services, and execute console commands.

“For now, we don’t have any proof or indication of what exactly was manipulated or deleted during the APT attack. However, the backdoor has a set of commands specifically targeting files with the .tu and .tut file extensions, we don’t know exactly what the content of these files was,” said Camastra.

In order for the attack to be effective, they even remove themselves after the work is done so that nobody ever knows that they were in the system, to begin with. “Espionage, information, trade secrets – these are what fuel an APT group’s actions,” Camastra explained.

And they don’t want you to know what they’ve changed
As with other malware, the most common way that hackers are able to put in backdoors is by using phishing emails. However, the method can change depending on the attacker.
Advertisement

“Phishing emails can contain a malicious attachment or malicious link, especially at the initial stages of an attack. A malicious attachment may contain a backdoor or another malicious file,” said Camastra.

In order to avoid detection, the group used custom tools in addition to Gh0st remote access tool (RAT) and Management Instrumentation to move laterally within infiltrated networks. “This has led to a large number of samples, with binaries often protected by VMProtect, making analysis more difficult,” he said.

“For example, PoisonIvy, Korplug are also popular RATs that have been used by many APT groups,” he added.

There’s very little that companies can do about it
Malware attacks are only becoming more common as people work from home and hackers are taking advantage of the unaware. “Effectively protecting organizations against the APT attacks has been proven to be very difficult as there are millions of malware variations,” explained Camastra.

In the post COVID-19 world the best offence is a good defence. All you can really do is make sure that people are aware of the risks, and treat every link that passes through their email with healthy suspicion. For those working from home, make sure your applications are up-to-date to ensure that they have the latest security patches to catch any hacker trying to break through.
Advertisement

SEE ALSO:
Lockdown 4.0 ⁠— India issues new guidelines allowing states to decide the red, green, and orange zones

Petrol and diesel get more expensive in Odisha as government hikes value-added tax

Video of an Uber ride is all the rage on TikTok and Instagram ⁠— the driver got himself a cockpit covered in plastic

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article