Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in preparation for future supply-chain attacks.
These are some of the main points of a 45-page report [HTML, PDF] released yesterday by 401TRG, the Threat Research & Analysis Team at ProtectWise.
Experts analyzed the TTPs (tactics, techniques, and procedures) used across the years by a group previously referred to as Winnti, after the name of one of its main tools, the Winnti backdoor.
Chinese hackers focus on IT staffers
Nowadays, the APTs that are part of the Winnti Umbrella group appear to follow a common hacking/operational pattern.
First and foremost, attackers appear to favor spear-phishing individual targets, preferring to collect credentials and then enter accounts without using malware to establish an initial foothold.
"We have observed spear-phishing campaigns that target human resources and hiring managers, IT staff, and internal information security staff, which are generally very effective," 401TRG experts said about the 2017 campaigns.
Hackers focus on collecting network credentials and then spreading laterally inside a company.
...
.....
...