Chinese attackers have been targeting an engineering company based in Britain re-using tactics, techniques and procedures from the Russian threat groups Dragonfly and APT28, the threat intelligence firm Recorded Future claims.
The company said the Chinese attackers were using the same infrastructure as one utilised by another Chinese actor, known as TEMP.Periscope aka Leviathan ― which Recorded Future says is a Chinese state-sponsored agent ― against Cambodian organisations ahead of elections in that country in July.
Recorded Future, which has close links with In-Q-Tel, the CIA’s investment arm, and Google Ventures, claimed the attacks were aimed at obtaining access to sensitive and proprietary technologies and data.
"We believe TEMP.Periscope reused published TTPs either to increase the group’s chances of success in gaining access to the victim network or to evade attribution by laying false flags to confuse researchers," the company's Insikt Group said in a blog post.
The company made the following observations:
The attackers likely used a command and control domain, scsnewstoday[.]com, that was identified in a recent TEMP.Periscope campaign targeting the Cambodian government. The attackers used a Chinese email client, Foxmail, to send the spearphishing attack. A unique technique documented as a Dragonfly TTP in targeting critical infrastructure was used in the attack. The technique attempts to acquire SMB credentials using a “file://” path in the spearphish calling out to a malicious C2. The attack probably made use of a version of the open source tool Responder as an NBT-NS poisoner. APT28 used Responder in attacks against travellers staying at hotels in 2017. The UK engineering company was previously targeted by TEMP.Periscope in a May 2017 campaign with the same C2 infrastructure that was used in targeting US engineering and academic entities later in September 2017, as detailed in Proofpoint’s Leviathan report ."Recorded Future expects TEMP.Periscope to continue to target organisations in the high-tech defence and engineering sectors," the company said.
"The Chinese strategic requirement to develop advanced technology, particularly in marine engineering, remains an intense focus as China looks to dominate the South China Sea territory.
"We believe TEMP.Periscope will continue to use commodity malware because it is still broadly successful and relatively low cost for them to use. They will continue to observe 'trending' vulnerabilities to exploit and use techniques that have been publicly reported in order to gain access to victim networks."
47 REASONS TO ATTEND YOW! 2018With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.
Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).
YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’llbe amazed by the great ideas (and perhaps great talent) you’ll take back to the office!
Register now for YOW! Conference
Sydney 29-30 November
Brisbane 3-4 December
Melbourne 6-7 December
Register now for YOW! Workshops
Sydney 27-28 November
Melbourne 4-5 December
REGISTER NOW!
LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACKAustralia is a cyber espionage hot spot.
As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.
It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.
In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.
Cyber security can no longer be ignored, in this white paper you’ll learn:
How does business security get breached?
What can it cost to get it wrong?
6 actionable tips
DOWNLOAD NOW!
