Privacy Ninja

Chinese APT10 Hackers Use Zerologon Exploits Against Japanese Orgs

A Chinese state-sponsored hacking group has been observed while attempting to exploit the Windows Zerologon vulnerability in attacks against Japanese companies and subsidiaries from multiple industry sectors in 17 regions around the globe.

This global cyber-espionage campaign has been attributed to the APT10 state-backed hackers based on information collected by Symantec’s Threat Hunter Team, the Broadcom division that tracked the attacks.

The attacks were discovered by Symantec researchers after the detection of suspicious DLL side-loading activity on a customer’s network.

“The initial Cloud Analytics alert allowed our threat hunting team to identify further victims of this activity, build a more complete picture of this campaign, and attribute this activity to Cicada,” Symantec said.

Campaign victims

The APT10 hackers have been running this campaign for roughly an entire year, from at least mid-October 2019 to the start of October 2020.

In some cases, the APT10 actors remained active and undetected in their victims’ networks for almost an entire year, showing that they have the tools and sophistication to effectively hide their malicious activity.

“The companies hit are, in the main, large, well-known organizations, many of which have links to Japan or Japanese companies, which is one of the main factors tying the victims together,” Symantec explained.

While the map embedded below shows that APT10’s attacks also targeted a firm within China’s borders, that company was a subsidiary of a Japanese firm, like many of the other targets in this campaign.

[Map: APT10 targets’ locations. Image: Symantec]

Among the info used to attribute the attacks, Symantec’s researchers also mention custom loaders used to deliver malicious payloads on all of the targets’ networks.

They were also seen using similar obfuscation techniques, living-off-the-land tools, and QuasarRAT final payloads (a backdoor commonly used by APT10), as well as coordinated targeting of multiple organizations at the same time.

APT10 attackers were also observed using Zerologon exploits to steal domain credentials and take full control over the entire domain following successful exploitation of vulnerable devices.

This vulnerability was also actively exploited in attacks by the Iranian-backed MuddyWater hacking group (aka SeedWorm and MERCURY) starting in the second half of September, and by the financially motivated TA505 (Chimborazo) threat group.
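The article names Zerologon only as the tool APT10 used to seize domain credentials. As an added defensive example (not code from the article, Symantec, or any vendor), the script below triages the Netlogon secure-channel events that Microsoft’s August 2020 Netlogon update writes to the System log on patched domain controllers (event IDs 5827 through 5831, provider NETLOGON). It separates accounts that still depend on the vulnerable RPC (and will break once enforcement mode is enabled) from denied attempts that presented a domain controller’s own machine account, which is the pattern a Zerologon exploit produces. The sample records and the DC account names are constructed for the example.

```python
"""Triage Netlogon vulnerable-secure-channel events on a patched domain controller.

Added defensive example. It assumes the event IDs that the August 2020 Netlogon
update logs on patched DCs (5827-5831); the sample records and DC account names
below are constructed, not taken from any real environment.
"""

# Event IDs logged by patched DCs for vulnerable (non-secure RPC) Netlogon connections.
DENIED = {5827, 5828}             # machine / trust account denied (enforcement active)
ALLOWED_VULNERABLE = {5829}       # allowed during the initial deployment phase
ALLOWED_BY_POLICY = {5830, 5831}  # allowed via the explicit allow-list group policy

# Constructed: machine accounts of this domain's controllers.
DC_ACCOUNTS = {"DC01$", "DC02$"}

# Constructed sample records: (event_id, logging DC, sAMAccountName, client IP).
SAMPLE_EVENTS = [
    (5829, "DC01", "FILESRV01$", "10.0.1.20"),
    (5829, "DC01", "FILESRV01$", "10.0.1.20"),
    (5827, "DC01", "DC01$", "10.0.9.77"),     # denied; claims to be the DC itself
    (5830, "DC02", "LEGACYPRN$", "10.0.3.5"),
    (5829, "DC02", "BUILD07$", "10.0.4.11"),
    (4624, "DC01", "alice", "10.0.1.50"),     # unrelated logon event, ignored
]


def classify(event_id):
    """Map a Netlogon event ID to a verdict, or None for unrelated events."""
    if event_id in DENIED:
        return "denied"
    if event_id in ALLOWED_VULNERABLE:
        return "allowed-vulnerable"
    if event_id in ALLOWED_BY_POLICY:
        return "allowed-by-policy"
    return None


def triage(events):
    """Group vulnerable-channel events by account: verdicts, count, sources, DCs."""
    summary = {}
    for event_id, dc, account, client_ip in events:
        verdict = classify(event_id)
        if verdict is None:
            continue
        entry = summary.setdefault(
            account, {"verdicts": set(), "count": 0, "sources": set(), "dcs": set()}
        )
        entry["verdicts"].add(verdict)
        entry["count"] += 1
        entry["sources"].add(client_ip)
        entry["dcs"].add(dc)
    return summary


def accounts_to_fix(summary):
    """Accounts still using the vulnerable RPC; patch them or add an explicit
    exception before switching the DCs to enforcement mode."""
    return sorted(a for a, e in summary.items() if "allowed-vulnerable" in e["verdicts"])


def suspicious_denials(summary, dc_accounts=DC_ACCOUNTS):
    """Denied vulnerable connections that presented a DC's own machine account.
    A patched DC uses secure RPC, so this is the signature of an exploit attempt
    and the source addresses deserve an immediate look."""
    return sorted(
        a for a, e in summary.items() if "denied" in e["verdicts"] and a in dc_accounts
    )


def report(events=SAMPLE_EVENTS):
    """Print a short operator-facing summary for the given records."""
    summary = triage(events)
    for account in accounts_to_fix(summary):
        e = summary[account]
        print(f"needs attention before enforcement: {account} "
              f"({e['count']} events from {sorted(e['sources'])})")
    for account in suspicious_denials(summary):
        e = summary[account]
        print(f"POSSIBLE ZEROLOGON ATTEMPT: {account} spoofed from {sorted(e['sources'])}")
    return summary


if __name__ == "__main__":
    report()
```

In a real deployment the tuples would come from the System log (for example exported with `wevtutil` or a SIEM), and the DC account set from Active Directory; the verdict logic itself does not change.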

The time spent by the threat actors within compromised networks varied greatly, from a few days to almost an entire year, with activity picking up again after months of complete silence in some cases.

Chinese hackers targeting the Five Eyes

APT10 (also known as Menupass, Stone Panda, Cloud Hopper) has been active since at least 2009 and has historically targeted government organizations and private companies from the United States, Europe, and Japan.

They are known for focusing on stealing military, intelligence, and business information from compromised targets and for frequently focusing their attacks on Japanese entities.

The U.S. Government indicted two APT10 hackers in December 2018, showing that the group successfully compromised NASA’s Jet Propulsion Laboratory, U.S. Government agencies, and managed service providers (MSPs), including IBM and Hewlett Packard Enterprise.

APT10 hackers also breached U.S. Department of the Navy systems to steal confidential information on over 100,000 individuals.

Following this indictment, all countries in the Five Eyes Intelligence Alliance (the U.S., Canada, the U.K., New Zealand, and Australia) issued statements attributing intellectual property and sensitive commercial data theft to the Chinese APT group.

Takeshi Osuga, Japan’s Foreign Ministry press secretary, also said that “Japan has identified continuous attacks by the group known as APT10 to various domestic targets … and expresses resolute condemnation of such attack.”

Japanese firms are also valuable ransomware targets

At least 11 Japanese companies fell victim to ransomware attacks between June and October 2020, according to a report published today by the Israeli cybersecurity intelligence firm KELA.

“The affected companies are from manufacturing, construction and government-related industries, with top victims having around $143 billion, $33 billion and $2 billion yearly revenue,” KELA said.

Since June 2020, several other Japanese organizations also had their networks compromised, including but not limited to corporations, universities, and an undisclosed Japanese ministry. This access could very easily be used by ransomware gang affiliates to deliver payloads and encrypt systems.

To make matters even worse, and to show the risks Japanese organizations from all sectors are facing, KELA also found data belonging to Japanese corporations, government, and educational entities either actively being shared on the dark web or in high demand there.

“[M]ore and more threat actors, Advanced APT group and nation-state actors are considering Japanese organizations as valuable targets and are actively attacking them via opportunistic and targeted attacks,” as KELA concludes.

Update: Added info on Zerologon exploitation.
