China-Linked APT15 used new backdoors in attack against UK Government’s service provider

Faybert

Jan 8, 2017
The China-linked APT15 group used new backdoors in an attack that is likely part of a wider operation aimed at contractors at various UK government departments and military organizations.
Last week Ahmed Zaki, a senior malware researcher at NCC Group, presented, at Kaspersky’s Security Analyst Summit (SAS), details of a malware-based attack against a service provider for the UK Government launched by the China-linked APT15 group (aka Ke3chang, Mirage, Vixen Panda and Playful Dragon).

“In May 2017, NCC Group’s Incident Response team reacted to an ongoing incident where our client, which provides a range of services to UK Government, suffered a network compromise involving the advanced persistent threat group APT15.” reads a blog post published by NCC Group.

NCC Group stopped the investigation in June 2017 at the explicit request of the victim, but resumed it in August after the APT15 hackers managed to regain access to the victim’s network.

“APT15 managed to regain access a couple of weeks later via the corporate VPN solution with a stolen VPN certificate, which they had extracted from a compromised host.” continues the analysis.

The attack is likely part of a wider operation aimed at contractors at various UK government departments and military organizations.

APT15 has been active since at least 2010 and has conducted cyber espionage campaigns against targets worldwide. The attackers have demonstrated an increasing level of sophistication over the years, using custom malware and various exploits in their attacks.
...
