China-Linked APT15 used new backdoors is an attack that is likely part of a wider operation aimed at contractors at various UK government departments and military organizations.
Last week Ahmed Zaki, a senior malware researcher at NCC Group, presented at the Kaspersky’s Security Analyst Summit (SAS), details of a malware-based attack against the service provider for the UK Government launched by the APT15 China-linked group (aka
Ke3chang,
Mirage, Vixen Panda and Playful Dragon).
“In May 2017, NCC Group’s Incident Response team reacted to an ongoing incident where our client, which provides a range of services to UK Government, suffered a network compromise involving the advanced persistent threat group APT15.” reads a blog post published by NCC Group.
NCC stop the investigation in June 2017 on explicit request of the victim but resumed it in August after the APT15 hackers managed to regain access to the victim’s network.
“APT15 managed to regain access a couple of weeks later via the corporate VPN solution with a stolen VPN certificate, which they had extracted from a compromised host.” continues the analysis.
The attack is likely part of a wider operation aimed at contractors at various UK government departments and military organizations.
APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide. The attackers demonstrated an increasing level of sophistication across the years, they used a custom-malware and various exploits in their attacks
...
...
...
...