Connection discovered between Chinese hacker group APT15 and defense contractor

July 2, 2020
in Internet Security

In a report published today, cyber-security firm Lookout said it found evidence connecting Android malware that was used to spy on minorities in China to a large government defense contractor from the city of Xi’an.

Lookout’s 52-page report [PDF] details a years-long hacking campaign that has primarily targeted the Uyghur ethnic minority living in western China, and, to a lesser degree, the Tibetan community.

The campaign infected individuals in these communities with malware, allowing government hackers to keep an eye on the activities of minority communities in China’s border regions but also living abroad in at least 14 other countries.

“Activity of these surveillance campaigns has been observed as far back as 2013,” Lookout researchers said.

The company attributed this secret surveillance to a hacking group they believe operates on behalf of the Chinese government.

Some of the group’s past hacking operations have been documented by other cyber-security firms, and the hacking group is already known in industry circles under different codenames, such as APT15, GREF, Ke3chang, Mirage, Vixen Panda, and Playful Dragon.

The vast majority of past APT15 attacks involved malware designed to infect Windows desktops, but Lookout said the group also developed an arsenal of Android hacking tools.

Hacking tools that were already known include malware strains identified as HenBox, PluginPhantom, Spywaller, and DarthPusher. On top of these, Lookout said it also discovered four new ones, which they codenamed SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. (see image below for their features)


Image: Lookout

Lookout said it undeniably tied these new Android malware strains to previous APT15 Android hacking tools because of shared infrastructure and the use of the same digital certificates to sign various samples.
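The attribution logic described above (samples signed with the same certificate or talking to the same infrastructure are grouped under one operator) can be expressed as a small pivot-and-cluster routine. This is an added example, not Lookout’s code; the sample records and certificate/C2 values in it are constructed placeholders, not real indicators.

```python
"""Group mobile malware samples by shared signing certificate or C2 host."""
from collections import defaultdict

# Constructed sample metadata: (sample_id, signing-cert fingerprint, C2 host).
# All values are placeholders for illustration, not real indicators.
SAMPLES = [
    ("sample-A", "cert-0001", "c2-one.example"),
    ("sample-B", "cert-0001", "c2-two.example"),
    ("sample-C", "cert-0002", "c2-two.example"),
    ("sample-D", "cert-0003", "c2-three.example"),
    ("sample-E", "cert-0004", "c2-four.example"),
    ("sample-F", "cert-0004", "c2-three.example"),
]


def cluster_by_shared_artifacts(samples):
    """Return clusters (sets of sample ids) linked by any shared cert or C2 host.

    Union-find over two pivot attributes: samples in the same cert bucket or the
    same C2 bucket are merged, so transitive links (A shares a cert with B, B
    shares a host with C) land in one cluster, mirroring how analysts tie new
    samples to an existing toolset.
    """
    parent = {sid: sid for sid, _, _ in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    # Bucket samples by each pivot attribute, then merge every bucket.
    by_attr = defaultdict(list)
    for sid, cert, host in samples:
        by_attr[("cert", cert)].append(sid)
        by_attr[("c2", host)].append(sid)
    for members in by_attr.values():
        for other in members[1:]:
            parent[find(members[0])] = find(other)

    clusters = defaultdict(set)
    for sid, _, _ in samples:
        clusters[find(sid)].add(sid)
    return sorted(clusters.values(), key=min)


if __name__ == "__main__":
    for group in cluster_by_shared_artifacts(SAMPLES):
        print(sorted(group))
```

In practice the pivot keys would be the APK signing-certificate fingerprint and the resolved C2 domains or IPs extracted from each sample, and a cluster that spans a known family and an unknown one is the lead worth investigating.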

[Image: gref-tools.png, shared infrastructure and signing certificates across the APT15 Android tools. Image: Lookout]

To distribute their malware, Lookout said APT15 didn’t upload the apps on the Google Play Store but instead used a technique known as a “watering hole attack,” where they hacked legitimate sites and inserted malicious code in them. The malicious code redirected users to web pages, forums, app stores, and other sites from where users were asked to download and install apps infected with APT15’s malware.

Ties to a defense contractor in central China

But Lookout said that during the early stages of its research into APT15’s new malware, they found a command-and-control server for the GoldenEagle spyware that was left unprotected.

Security researchers said they accessed the server and collected information on victims and the operators who were managing the malware.

Looking through logs, Lookout said it found data from the first devices infected with GoldenEagle. When Lookout plotted the GPS coordinates obtained from these infected devices, most of them clustered around a single area.

Lookout said the GPS coordinates plotted around a building hosting the offices of Xi’an Tianhe Defense Technology, a large defense contractor in the city of Xi’an, in central China.

[Image: apt15-map.png, map of the early GoldenEagle infections. Image: Lookout]

Security researchers said these initial infections, together with their GPS coordinates, appear to be devices infected during the malware’s early development phase, most likely test devices. This suggests that the company was most likely the one that developed the GoldenEagle malware.

Other doxed APTs

The fact that Lookout linked an APT15 malware sample to a Chinese defense contractor is not a novel discovery. From 2017 to 2019, four other Chinese state-sponsored hacking groups have been linked to contractors hired by Chinese intelligence agencies operating in various regional offices.

This includes:

  • APT3 – linked to a company named Boyusec operating on behalf of Chinese state security officials in the province of Guangdong
  • APT10 – linked to several companies operating on behalf of Chinese state security officials in the province of Tianjin
  • APT17 – linked to several companies operating on behalf of Chinese state security officials in the province of Jinan
  • APT40 – linked to several shell companies operating on behalf of Chinese state security officials in the province of Hainan

Operators behind APT3 and APT10 were eventually charged by the US Department of Justice in November 2017 and December 2018, respectively.

Based on previous threat intelligence reports published by cyber-security firms Recorded Future and CrowdStrike, the Chinese Ministry of State Security outsources hacking operations to outside contractors, who report directly to, and take orders from, intelligence officials.

Credit: ZDNet
