fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

U.S. Charges Chinese Winnti Hackers for Attacking 100+ Companies

U.S. Charges Chinese Winnti Hackers for Attacking 100+ Companies

The U.S. Department of Justice announced today charges against five Chinese nationals fort cyberattacks on more than 100 companies, some of them being attributed to state-backed hacking group APT41.

APT41 is one of the oldest threat groups, known primarily for cyber-espionage operations against a variety of entities, including software developers, gaming companies, hardware manufacturers, think tanks, telcos, social, universities, or foreign governments.

Kaspersky has been tracking this group since 2012 as Winnti – the name Symantec gave the malware used in attacks. APT41 has been active for more than a decade and is also known as Barium, WickedPanda/Spider.

Front security company

Two of the alleged APT41 members (Zhang Haoran and Tai Dailin) were charged  in August last year and were connected with the three indicted last month:

Jiang Lizhi (蒋立志), 35

Qian Chuan (钱川), 39

Fu Qiang (付强), 37

All five hackers are currently at large and are the newest addition to the Cyber’s Most Wanted list from the FBI.

Court documents describe the trio as experienced hackers that have been working together since at least 2013 and had previously collaborated with the other two defendants.

Also Read: 13 Special Skills To Become a Front End Developer Singapore

Since 2014, Jiang, Qian, and Fu carried out hacking activity that security researchers attribute to the APT41 threat group through a front company called Chengdu 404 Network Technology.

They stole source code, software code signing certificates, customer account data, personally identifiable information, and deployed sophisticated supply-chain attacks [CCleanerShadowPadShadowHammer], the indictment reveals.

Chengdu 404 promoted itself as a network security company of white-hat hackers with clients in the public security and military sector.

Its activity included defensive and counter-offensive network security services, forensics, penetration testing, and other security-related services.

If caught, the three hackers face a cumulated maximum sentence of more than 70 years of prison time, the DOJ states in a press release.

Hacking for self and country

According to the indictment, Chengdu 404 employees, including Jiang, Qian, and Fu, were also conducting criminal activity that targeted more than 100 companies around the world.

The three were involved in ransomware attacks against at least three entities in May 2020: a global non-governmental organization, a real estate company in the U.S., and an energy company in Taiwan.

Ransomware attacks, along with cryptojacking operations, would be deployed for personal financial benefit, which is in contrast with the interests of its customers (Chinese government agencies, including the Ministry of Public Security)

Cybersecurity companies following APT41 activity revealed that the group engages in both espionage and criminal activities. In a report in 2018, CrowdStrike highlights the double motivation of this threat actor saying that it “likely operates as an exploitation group for hire” and that it is “commonly associated with the interests of the government of the People’s Republic of China.”

“WICKED PANDA refers to the targeted intrusion operations of the actor publicly known as “Winnti,” whereas WICKED SPIDER represents this group’s financially-motivated criminal activity” – CrowdStrike

FireEye echoes this characteristic of APT41 in research published last year, noting that:

“Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations from 2014 onward” – FireEye

Also Read: EU GDPR Articles: Key For Business Security And Success

APT41 uses both custom and open-source tools to compromised victims and move laterally on their network. The hackers also relied on exploiting severe vulnerabilities for initial access:

  • CVE-2019-19781 leading to arbitrary remote code execution in Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway)
  • CVE-2019-11510 in Pulse Secure VPN
  • CVE-2019-16920 – unauthenticated remote code execution in multiple D-Link products
  • CVE-2019-16278 – directory traversal leading to remote code execution in Nostromo web server (nhttpd)
  • CVE-2019-1652/CVE-2019-1653 – command injection and information disclosure in Cisco RV320 and RV325 routers for small businesses
  • CVE-2020-10189 – remote code execution vulnerability in Zoho ManageEngine Desktop Central

Apart from the APT41 hackers, the U.S. government also indicted two Malaysian businessmen (Wong Ong Hua and Ling Yang Ching ) for conspiring with two of the hackers to benefit from attacks against targets in the video gaming industry.

They were running a video gaming company called Sea Gamer Mall, which sold digital game-related goods (like currency) and services. For more than four years, the Sea Gamer platform was used to sell video game digital goods obtained through unauthorized access provided by APT41 hackers.

Both businessmen were arrested on September 14 in Malaysia.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us