Bioinformatics is essential for the management of data in modern biology and medicine. By finding more secure solutions we will be creating greater opportunity and more efficiency in medical research. ~Audrey Bentley
Bioinformatics is essential for the management of data in modern biology and medicine. By finding more secure solutions we will be creating greater opportunity and more efficiency in medical research. ~Audrey Bentley
Chinese State-Sponsored Cyber Espionage Group
AKA: MenuPass, Stone Panda, POTASSIUM, CNVX, and TA 410
Connections: Tiajin State Security Bureau of The Ministry of State Security
Active Since: At least 2006, however believed to have formed between 2003 to 2005.
Methods: Zero-days, Keylogging, Phishing, RAT (Remote Access Trojan), Backdoor
Target Category: Private Sector & Government
Incident Type: Espionage
Victims: United States, India, Japan, South Korea, South Africa, Sweden, New Zealand, Canada, U.K., France, Australia, Brazil, Thailand, Norway, Finland, Switzerland, and likely more.
“one of the largest ever sustained global cyber espionage campaigns, ran from 2014 to 2017 and impacted multiple western companies in a range of different industries.
”
Campaign Operation Could Hopper’s TTPs (Tactics, Techniques & Procedures) Provided by CISA:
Initial Compromise: Phishing and Spear-phishing
The use of Common and Custom Malware (PlugX, RedLeaves, QuasarRAT)
Stolen Credentials, Lateral Movement, Living-off-the-Land (the use of dual-use tools, which are either already installed in the victim’s environment, or are admin, forensic, or system tools used maliciously)
Encryption or Exfiltrated data from target through MSP networks.
Appears to adjust to public disclosure.
Industries Affected: Engineering, Industrial Manufacturing, Retail, Energy, Pharmaceuticals, Telecommunications, and Government Agencies
Red Apollo(will use this name and APT10 interchangeably) compromised the MSPs by employing multiple malware including several repetitions of RATs including old but notorious families like PlugX, Poison Ivy, Chches, and Graftor, also known to employ dropper Trojans such as ARTIEF along with malicious files that imitate signatures or properties of a legitimate Microsoft file, as well as Microsoft Office documents that contain malicious codes that exploit system vulnerabilities. These malware were delivered through spear-phishing emails. In total Operation Cloud Hopper used over 70 variants of backdoors, malware, and trojans.
APT10 didn’t just infect systems that were of high value, they also installed malware on machines just with the intent to move laterally on targeted computers- a method of trickery to prevent suspicion from the organization’s IT admins.
In 2018 indictments were made against the hacking group. Evidence showed that CVNX wasn’t the name for the group, it was actually an alias for one of the hackers involved, Surprisingly, there were actually only two hackers. However, they both used four aliases each which made it appears as there were more individuals involved in the attack.
In April of 2019 APT10 targeted the government and private organizations in the Philippines.
In 2020 Red Apollo was implicated by Symantec for attacks made in Japan. Their main targets were Japanese orgs in the pharmaceutical, engineering, and automotive sectors, as well as MSPs (Managed Service Providers).
In March of 2021 they targeted the Serum Institute of India (SII) and Bherat Biotech, after identifying gaps and vulnerabilities in their IT infrastructure as well as in their Supply Chain Software. Both of these are Indian vaccine makers. SII made the AstraZeneca COVID vaccine for many countries and is the world’s largest vaccine makers. (India provides more than 60% of all vaccines sold in the World)
It’s pretty clear that the Chinese hacking group’s main motivation was exfiltrating intellectual property and gaining a competitive edge over the Indian Pharmaceutical companies.