APT10 hacking group targets industrial businesses once again


A persistent, large-scale campaign of cyberattacks has been identified targeting organizations with connections to Japan.

Symantec researchers have uncovered the campaign, which uses the recently discovered ZeroLogon vulnerability, connecting it to exploits against companies based in the industrial, automotive, pharmaceutical and engineering sectors.

The latest wave of attacks has been ongoing since at least the middle of October 2019, only concluding last month. The companies targeted are all well-known entities, many with ties to Japan, which fits the modus operandi of this group. APT10 has been known to target Japanese firms during previous attack campaigns.

“The scale and sophistication of this attack campaign indicates that it is the work of a large and well-resourced group, with Symantec, a division of Broadcom, discovering enough evidence to attribute it to Cicada (aka APT10, Stone Panda, Cloud Hopper),” the Symantec Threat Hunter team explained. “Cicada has been involved in espionage-type operations since 2009, and US government officials have linked the activities of APT10, which we track as Cicada, to the Chinese government.”

A range of tactics

Symantec found that the APT10 group employed a range of tools in the campaign, including network reconnaissance, credential theft, PowerShell scripts and RAR archiving. DLL side-loading was also used to deploy a piece of custom malware, dubbed ‘Backdoor.Hartip’.

Notably, APT10 was also found to be targeting the ZeroLogon vulnerability. Although a patch was issued for this security flaw back in August, vulnerable devices remain at risk. Previously, the bug has been used by attackers to spoof domain controller accounts, steal domain credentials and compromise all Active Directory identity services.

It appears that the attackers’ main aim was the theft of information. Japanese organizations, in particular, should remain vigilant, particularly as APT10 clearly has substantial resources at its disposal to carry out further attacks.

Via ZDNet

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
