Chinese Cyberspies Appear to be Preparing Supply-Chain Attacks

LASER_oneXM (thread author)

Feb 4, 2016
Chinese cyberspies are evolving their tactics, focusing on IT staffers, relying more and more on spear-phishing instead of malware, and gathering code signing certificates from hacked software companies in the preparation of future supply-chain attacks.

These are some of the main points of a 45-page report [HTML, PDF] released yesterday by 401TRG, the Threat Research & Analysis Team at ProtectWise.

Experts analyzed the TTPs (tactics, techniques, and procedures) used across the years by a group previously referred to as Winnti, after the name of one of its main tools, the Winnti backdoor.

Chinese hackers focus on IT staffers

Nowadays, the APTs that are part of the Winnti Umbrella group appear to operate according to a common hacking/operational pattern.

First and foremost, attackers appear to favor spear-phishing individual targets, preferring to collect credentials and then enter accounts without using malware to establish an initial foothold.

"We have observed spear-phishing campaigns that target human resources and hiring managers, IT staff, and internal information security staff, which are generally very effective," 401TRG experts said about the 2017 campaigns.

Hackers focus on collecting network credentials and then spreading laterally inside a company.
...
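The pattern the report describes, credentials harvested by spear-phishing and then reused for malware-free lateral movement, leaves a trace that is easy to look for in logon telemetry: one account fanning out to many hosts in a short window, often from a workstation that belongs to a different user. The following detector is an added example, not code from the thread, from 401TRG or from ProtectWise. It assumes successful Windows logon events (event 4624 with the logon type) have already been normalised into one line per event in the constructed format shown, with the workstation address recorded as the source for console logons; the log lines, account names, hosts and thresholds are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed (not real telemetry), one event per line:
# "<timestamp> <event_id> <logon_type> <account> <src_ip> <target_host>"
# Logon type 2 = interactive/console, type 3 = network (share, WMI, RPC ...).
SAMPLE_LOG = """\
2018-05-04T09:00:10 4624 2 alice 10.0.5.21 WS-ALICE
2018-05-04T09:05:00 4624 3 it-admin 10.0.5.21 FILESRV01
2018-05-04T09:05:40 4624 3 it-admin 10.0.5.21 FILESRV02
2018-05-04T09:06:10 4624 3 it-admin 10.0.5.21 HRDB01
2018-05-04T09:06:55 4624 3 it-admin 10.0.5.21 DC01
2018-05-04T09:07:30 4624 3 it-admin 10.0.5.21 BUILD01
2018-05-04T09:08:05 4624 3 it-admin 10.0.5.21 SIGNSRV01
2018-05-04T10:00:00 4624 3 bob 10.0.7.14 FILESRV01
2018-05-04T10:30:00 4624 3 bob 10.0.7.14 PRINT01
"""


def parse_events(text):
    """Parse the constructed feed into (timestamp, logon_type, account, src_ip, host)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src_ip, host = line.split()
        if event_id != "4624":
            continue  # only successful logons are of interest here
        events.append((datetime.fromisoformat(ts), int(logon_type), account, src_ip, host))
    return events


def find_fan_out(events, window=timedelta(minutes=10), min_hosts=5):
    """Flag accounts whose network logons from one source reach >= min_hosts
    distinct hosts within `window`. Returns {account: (src_ip, sorted hosts)}."""
    by_key = defaultdict(list)
    for ts, logon_type, account, src_ip, host in events:
        if logon_type == 3:
            by_key[(account, src_ip)].append((ts, host))
    hits = {}
    for (account, src_ip), items in by_key.items():
        items.sort()
        for start in range(len(items)):
            t0 = items[start][0]
            hosts = {h for ts, h in items[start:] if ts - t0 <= window}
            if len(hosts) >= min_hosts:
                hits[account] = (src_ip, sorted(hosts))
                break  # one alert per account/source pair is enough
    return hits


def find_borrowed_sources(events):
    """Flag network logons whose source address is the console of a different user,
    the shape that stolen or phished credentials produce. Returns
    {(account, src_ip): console_owner}."""
    console_user = {}
    for ts, logon_type, account, src_ip, host in events:
        if logon_type == 2:
            console_user[src_ip] = account
    borrowed = {}
    for ts, logon_type, account, src_ip, host in events:
        owner = console_user.get(src_ip)
        if logon_type == 3 and owner and owner != account:
            borrowed[(account, src_ip)] = owner
    return borrowed


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for account, (src, hosts) in find_fan_out(evs).items():
        print(f"fan-out: {account} from {src} reached {len(hosts)} hosts: {', '.join(hosts)}")
    for (account, src), owner in find_borrowed_sources(evs).items():
        print(f"borrowed credentials? {account} used from {src}, the console of {owner}")
```

On the constructed feed, `bob` touches two servers in half an hour and is left alone, while `it-admin` reaches six hosts in about three minutes from `alice`'s workstation and is flagged by both checks. Thresholds such as `min_hosts` and `window` need tuning per environment (backup and monitoring accounts legitimately fan out), and the second check depends on the log source reliably recording the workstation address for console logons.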

ForgottenSeer 58943

Prevention/mitigation methods are already in the pipe or being rolled out, or recently rolled out.

At work our entire infrastructure just went through a Meltdown/Spectre audit. Many machines were wiped and reset. New machine learning tools put into place on each endpoint.

Also, Trend Micro rolled out their BEC and ML modules for HES. By summer their AI modules will be in place. Between those three things, spoofing will likely be a thing of the past. Fortinet 6, FSF is out. New technology for state sponsored detection and mitigation is already in 5.6+ series FW. Fortinet is also doing an early deprecate on the 5.2X series firmware (this fall) to push everyone to the FM revisions focused on APT detection and prevention. Sophos has many new things in the pipe, Sandstorm is fully operational with the XG series and the REV3 takes it to a new level.

We're seeing policies put in place to block not only Russia, but Chinese products/services/updates and protocols on a grand scale.

Consumers would be wise to implement a UTM on their network, even if it is a prosumer product like Norton Sphere, ASUS w/AIProtection, BitDefender Box, F-Secure Router, whatever. Also remove cheap Chinese IoT crap from their network unless it's absolutely needed. ALL of it is backdoored. Every single cheap smart plug, light and gadget from a Chinese vendor on Amazon is backdoored/dialing home to Beijing when we tested them.

ForgottenSeer 58943

CCleaner should be ashamed though. A lot of companies play fast and loose with their update channels and security. It's disgusting.

Also, mark my words, if AV firms don't start using encrypted update channels they'll be next (if they aren't already). There is a reason enterprise-grade AVs seem to all use 443, while their consumer crap seems to not be of concern to them.