Security News: Chinese Group Is Hacking Cloud Providers to Reach Into Secure Enterprise Networks

Solarquest (Moderator, Thread author)
A cyber-espionage group that first surfaced in 2009 is using a novel tactic to hack its targets: it first breaches one of the target's cloud service providers, then reaches inside the company's secure business network via the cloud service's approved communications channels.

These tactics have not been seen before. Until now, cyber-espionage groups, regardless of affiliation, used cloud providers mainly to store malware or as relay points for stolen data.

This group's decision to hack cloud service providers comes as such services become ubiquitous in enterprise networks: almost all companies use one or more cloud services to handle some type of activity, be it human resource management, inventory, email, or file sharing and hosting.

Hackers use cloud services to hide malicious activity
This particular group of Chinese hackers is known in the infosec community under different names, such as APT10 (FireEye), Red Apollo (PwC), CVNX (BAE Systems), Stone Panda (CrowdStrike), POTASSIUM (Microsoft), and MenuPass (Trend Micro).

Until recently, its activity involved the classic method of using spear-phishing attacks aimed at individuals inside corporate or government networks.

As of late 2016, BAE and PwC researchers both noted a change in APT10's targeting. Instead of going after employees working in secure and hardened enterprise networks, where there's a chance of getting caught, the attackers started targeting individuals at cloud service providers, which don't always have the same level of security protections.

Once APT10 operators get a foothold inside these companies, they take over their systems and use the access the cloud service already has into the enterprise networks to infiltrate and hack the cloud provider's clients.

All infiltration and exfiltration operations are handled via the cloud service's regular communications channels, which are usually whitelisted inside the clients' networks.

Hackers breached companies all over the globe
....
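As an added example (not part of the article or of the forum post above), the script below shows the kind of behavioural check a client can run on a provider channel that its firewall already allow-lists. Because the connections are approved by design, the only signals left are what the provider account does over that channel: which hosts it reaches, when, and how much it sends out. The provider IP range, the allowed target hosts, the maintenance window and the log lines are all constructed for this example, not taken from the article or from any vendor report.

```python
"""Behavioural checks on an allow-listed MSP/cloud-provider channel.

Added example. The firewall permits the provider's range into the client
network, so this looks at behaviour on the channel instead:
  1. provider sessions reaching hosts outside the provider's agreed scope,
  2. sessions outside the agreed maintenance window,
  3. outbound byte volumes far above the account's own baseline.
All parameters and log lines are constructed (assumptions, not article facts).
"""
from __future__ import annotations

import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed contract details: provider source range (TEST-NET-3, constructed),
# hosts the provider is allowed to touch, and the agreed UTC maintenance window.
PROVIDER_NET = ipaddress.ip_network("203.0.113.0/24")
ALLOWED_TARGETS = {"rmm-gw.corp.example", "patch01.corp.example"}
MAINT_WINDOW_UTC = (1, 5)   # provider may work from 01:00 up to 05:00 UTC
VOLUME_FACTOR = 10          # bytes_out > factor * account median => flag

# Constructed proxy/VPN export: ts|src|user|dst|bytes_out
SAMPLE_LOG = """\
2017-04-03T02:10:00Z|203.0.113.17|msp-svc|rmm-gw.corp.example|120000
2017-04-04T02:12:00Z|203.0.113.17|msp-svc|rmm-gw.corp.example|98000
2017-04-05T02:08:00Z|203.0.113.17|msp-svc|patch01.corp.example|150000
2017-04-06T02:11:00Z|203.0.113.17|msp-svc|rmm-gw.corp.example|110000
2017-04-07T14:30:00Z|203.0.113.22|msp-svc|fs01.corp.example|4800000000
2017-04-07T14:45:00Z|203.0.113.22|msp-svc|dc01.corp.example|30000
2017-04-07T03:00:00Z|198.51.100.9|jdoe|rmm-gw.corp.example|500
"""


def parse_log(text: str) -> list[dict]:
    """Parse the pipe-separated export into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, dst, bytes_out = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": ipaddress.ip_address(src),
            "user": user,
            "dst": dst,
            "bytes_out": int(bytes_out),
        })
    return events


def provider_events(events: list[dict]) -> list[dict]:
    """Keep only sessions that arrive over the allow-listed provider range."""
    return [e for e in events if e["src"] in PROVIDER_NET]


def baseline_median(events: list[dict]) -> dict[str, float]:
    """Per-account median of bytes_out. The median is used rather than the
    mean so that one huge exfiltration session does not drag the baseline
    up and hide itself."""
    per_user: dict[str, list[int]] = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e["bytes_out"])
    return {u: statistics.median(v) for u, v in per_user.items()}


def analyse(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (timestamp, destination, reasons) for every suspicious
    provider session; sessions from other sources are ignored."""
    events = provider_events(parse_log(text))
    medians = baseline_median(events)
    findings = []
    for e in events:
        reasons = []
        if e["dst"] not in ALLOWED_TARGETS:
            reasons.append("out-of-scope host")
        if not (MAINT_WINDOW_UTC[0] <= e["ts"].hour < MAINT_WINDOW_UTC[1]):
            reasons.append("outside maintenance window")
        if e["bytes_out"] > VOLUME_FACTOR * medians[e["user"]]:
            reasons.append("volume anomaly")
        if reasons:
            findings.append((e["ts"].isoformat(), e["dst"], reasons))
    return findings


if __name__ == "__main__":
    for ts, dst, reasons in analyse(SAMPLE_LOG):
        print(ts, dst, ", ".join(reasons))
```

On the constructed data the four overnight sessions to the RMM and patch hosts pass, the two daytime sessions from the provider range to the file server and the domain controller are flagged (the file-server one also for volume), and the non-provider user is never considered. In practice the scope list and window come from the contract and change records, and the baseline should be built from a period you trust rather than from the same data being inspected.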
 