Chinese hackers attack government ministries, military plants globally

New Delhi: China-based hackers attacked military industrial plants, research institutes, government agencies and ministries in several countries and were able to hijack the IT infrastructure of some, taking control of systems used to manage security solutions, a new report has revealed.

Researchers at the cybersecurity firm Kaspersky traced a wave of targeted attacks on military industrial complex enterprises and public institutions in several Eastern European countries and in Afghanistan.

“During our research, we were able to identify more than a dozen attacking organizations,” the researchers said.

The analysis suggests that “it is highly likely that a Chinese-speaking group is behind the attacks.”

The researchers named TA428, a Chinese-speaking APT group, as being behind the series of attacks, which used six backdoor malware programs.

The attackers entered the enterprise network using carefully crafted phishing emails.

“During our investigation, we found that, in some cases, attackers create phishing emails using information that is not publicly available, such as the full names of employees responsible for handling sensitive information, as well as the internal codenames of the projects being developed by the attacking organizations,” the team noted.

Phishing emails contain Microsoft Word documents with embedded malicious code that exploits the CVE-2017-11882 vulnerability, which enables an attacker to execute arbitrary code without any additional user activity.

In the new series of attacks, attackers used six different backdoors at the same time – possibly to establish redundant communication channels with infected systems if a malicious program was detected and removed by a security solution.

“Backdoors provide comprehensive functionality for controlling infected systems and collecting confidential data,” Kaspersky said.

The attack targeted industrial plants, design bureaus and research institutes, government agencies, ministries and departments in Afghanistan, as well as several Eastern European countries (Belarus, Russia and Ukraine).