China accused of initiating several cyberattack campaigns via APT

April 12, 2020, by admin

According to a report released by BlackBerry earlier this month, the Chinese state is behind dozens of computer intrusions carried out by experienced groups of APT-type cybercriminals.

Several servers around the world have been targeted in this massive campaign of computer attacks. According to BlackBerry's report, the various cyberattacks began precisely at the start of the Year of the Rat, which the authors take to be an "omen of creativity and ingenuity." The report is entitled "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android."

The report gives a summary description of the various operations carried out for economic espionage, especially those targeting intellectual property. Such operations are often at the heart of several thousand investigations opened by the US federal police through its 56 offices. In the report, the experts involved try to present as detailed a study as possible of the modus operandi of 5 hacker groups classified as advanced persistent threats (APTs), all working on behalf of the Chinese government. Their attacks mainly targeted Linux servers, Windows systems, and thousands of mobile devices running Google's Android operating system, all carried out quietly and discreetly.

It should be noted that an earlier report from the American cybersecurity company FireEye had already described a resumption of cyberattack activity by this kind of group during January, mainly during the period when the epidemic had begun to spread in China. One of the groups detected by the security firm was APT41, which is said to have initiated several computer attacks targeting approximately 75 companies in the industrial, health and media sectors. According to FireEye, the attacks began on January 20, and the firm described them as "the largest attack launched by China in recent years."

The picture painted by BlackBerry's report of these hacking campaigns, behind which the Chinese government is said to be hiding, is quite worrying. We should not overlook the fact that the number of teleworkers has tripled since the outbreak of the pandemic. Businesses are increasingly vulnerable because they have had to settle into a long period of remote work, and remote setups unfortunately do not always meet security criteria sufficient to form a barrier against this kind of hacker. Security vulnerabilities are regularly discovered in traditional tools, and the skill of such hackers combined with these old security problems could wreak real havoc.

These hackers' interest is usually directed at Linux. This is because Linux runs the majority of the most popular websites: 75% of web servers, 75% of major cloud service providers and 98% of supercomputers worldwide. "Most large companies rely on Linux to run their websites, proxy network and store valuable data," according to BlackBerry's report. The report also highlights how the APT groups exploited a security weakness common to Linux servers to carry out a range of cyberattacks. "Linux is generally not directly accessible by users. Most security companies focus their engineering and marketing efforts on products designed for the front office rather than server racks. The visibility on the Linux system is therefore limited," says Eric Cornelius, Chief Product Architect at BlackBerry. He later noted, "These APT groups have focused on this security breach and used it to their advantage to usurp the intellectual property of the targeted sectors for years and without anyone noticing."
