A security firm has tied a hacking group allegedly sponsored by the Chinese government to an espionage campaign running since 2019. The attackers are reportedly exploiting the ZeroLogon vulnerability in attack waves against automotive, pharmaceutical, and industrial targets.
ZDNet reported that the hacking group is running a large campaign targeting pharmaceutical, engineering, and automotive entities across the globe. The campaign is already hitting businesses by exploiting the recently disclosed ZeroLogon vulnerability.
According to Bleeping Computer's latest report, several Japanese companies and subsidiaries from multiple industry sectors in 17 regions across the world are also targeted.
Cicada hacking group
Symantec claimed that the global cyberattack campaign is done by the Cicada group, also known as Stone Panda, APT10, or Cloud Hopper. The threat group was first identified in 2009.
The United States has also claimed that the hackers are supported by the Chinese government. Symantec security researchers said that Cicada's most recent attack wave has been ongoing since mid-October 2019.
The campaign is believed to have remained active until at least October 2020. Cicada reportedly used a variety of techniques and tools to conduct its attacks, and because the group is well-resourced, it has been able to sustain the campaign for almost a year.
Cicada's strategies and techniques
Cicada, or APT10, is using a number of methods alongside its exploitation of the ZeroLogon vulnerability. These include network reconnaissance, command-line utilities, PowerShell scripts, DLL side-loading, credential theft, and RAR archiving.
A legitimate cloud hosting provider is also part of the toolset: the group uses it to package, download, and exfiltrate data stolen from the targeted companies.
The ZeroLogon vulnerability Cicada exploits is tracked as CVE-2020-1472. It carries a CVSS score of 10 and was patched by Microsoft in August 2020. ZeroLogon allows attackers to spoof a domain controller account, hijack the domain, and compromise Active Directory identity services.
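The reason an attacker can take over a domain controller through ZeroLogon is a cryptographic mistake in Netlogon's credential computation, which encrypts an 8-byte challenge with AES in CFB8 mode using a fixed all-zero IV. The following is an added illustration, not code from the article or from Symantec's report: a SHA-256-based keyed function stands in for AES so it runs with the standard library only, and the session keys and attempt loop are constructed stand-ins for the fresh key each real authentication attempt would derive. The 1-in-256 structure it demonstrates is the same for real AES.

```python
"""Why ZeroLogon (CVE-2020-1472) lets an all-zero credential through.

In CFB8, each ciphertext byte is (first byte of E_k(shift register)) XOR the
plaintext byte; the register then shifts left one byte and the ciphertext byte
is appended. Netlogon's ComputeNetlogonCredential uses a fixed all-zero IV, so
with an all-zero challenge, if the first byte of E_k(0^16) happens to be 0x00,
the register never changes and every output byte is 0x00. That occurs for
roughly 1 in 256 session keys, and the attacker simply retries until it does.

Assumption: toy_block_encrypt is a SHA-256 keyed function standing in for AES-128.
"""
import hashlib

BLOCK_SIZE = 16            # AES block size, mimicked by the toy cipher
CHALLENGE_LEN = 8          # Netlogon client challenge / credential length
ZERO_IV = bytes(BLOCK_SIZE)
ZERO_CHALLENGE = bytes(CHALLENGE_LEN)


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 block encryption (assumption: keyed PRF on SHA-256)."""
    assert len(block) == BLOCK_SIZE
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode as Netlogon uses it, parameterised by the IV."""
    shift_register = bytearray(iv)
    ciphertext = bytearray()
    for p in plaintext:
        keystream_byte = toy_block_encrypt(key, bytes(shift_register))[0]
        c = keystream_byte ^ p
        ciphertext.append(c)
        # Shift left by one byte and feed the ciphertext byte back in.
        del shift_register[0]
        shift_register.append(c)
    return bytes(ciphertext)


def compute_netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """Netlogon's credential function: CFB8 with the fixed all-zero IV (the flaw)."""
    return cfb8_encrypt(session_key, ZERO_IV, challenge)


def zerologon_attempt_succeeds(session_key: bytes) -> bool:
    """The attacker, who does not know session_key, sends an all-zero client
    challenge and an all-zero credential; the server accepts if they match."""
    expected = compute_netlogon_credential(session_key, ZERO_CHALLENGE)
    return expected == ZERO_CHALLENGE


def session_key_for_trial(trial: int) -> bytes:
    """Constructed, deterministic stand-in for the fresh session key each
    authentication attempt derives (real keys come from the server and client
    challenges plus the machine account's password)."""
    seed = b"constructed-session-key" + trial.to_bytes(4, "big")
    return hashlib.sha256(seed).digest()[:16]


def count_successes(trials: int) -> int:
    """How many of `trials` fresh session keys accept the all-zero credential."""
    return sum(zerologon_attempt_succeeds(session_key_for_trial(t))
               for t in range(trials))


def first_vulnerable_trial(limit: int = 100_000) -> int:
    """Index of the first attempt where the zero credential is accepted, or -1."""
    for t in range(limit):
        if zerologon_attempt_succeeds(session_key_for_trial(t)):
            return t
    return -1


if __name__ == "__main__":
    trials = 20_000
    hits = count_successes(trials)
    print(f"{hits}/{trials} attempts accepted an all-zero credential "
          f"(expected about {trials / 256:.0f})")
    print("first accepted attempt:", first_vulnerable_trial())
```

Running it shows a success count close to trials/256 and that an accepting key turns up within the first few hundred attempts, which is why the exploit is a simple retry loop against an unpatched domain controller rather than a cryptanalytic effort. The August 2020 patch mentioned above is the remedy; any domain controller still accepting such connections should be treated as exposed.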
Aside from ZeroLogon, the group also deployed Backdoor.Hartip, a new custom malware that had not previously been seen in connection with APT10. This backdoor is likewise aimed at large businesses in several countries.
Symantec also suggested that the attackers are focused on cyberespionage and the theft of sensitive company data, including HR documents, meeting memos, expense information, and corporate records.
This article is owned by TechTimes.
Written by: Giuliano de Leon.