Tag Archive for: APT10

APT10 targets Japanese entities. Purple Fox gets an upgrade. Android malware poses as system update.


At a glance.

  • APT10 targets Japanese entities.
  • Purple Fox gets an upgrade.
  • Android malware poses as system update.
  • Vulnerable mobile apps.

APT10 targets Japanese entities.

Kaspersky describes a cyberespionage campaign that ran from March 2019 to the end of December 2020. The campaign targeted Japan and entities related to Japan, particularly the country’s manufacturing industry. The researchers “assess with high confidence” that China’s APT10 is behind the operation. The threat actor gained access by exploiting vulnerabilities in Pulse Connect Secure VPNs or by using previously stolen credentials.

Kaspersky says the actor used a unique loader dubbed “Ecipekac” to deliver fileless malware. The researchers explain, “This campaign introduced a very sophisticated multi-layer malware named Ecipekac and its payloads, which include different unique fileless malware such as P8RAT and SodaMaster. In our opinion, the most significant aspect of the Ecipekac malware is that, apart from the large number of layers, the encrypted shellcodes were being inserted into digitally signed DLLs without affecting the validity of the digital signature. When this technique is used, some security solutions cannot detect these implants. Judging from the main features of the P8RAT and SodaMaster backdoors, we believe that these modules are downloaders responsible for downloading further malware that, unfortunately, we have not been able to obtain so far in our investigation.”

Purple Fox gets an upgrade.

Guardicore is tracking a malware campaign dubbed “Purple Fox” that’s recently added a new propagation method. The malware was discovered in 2018, and would spread via exploit kits and phishing emails. In late 2020, however, the malware operators began gaining access by brute-forcing exposed SMB services:

“While it appears that the functionality of Purple Fox hasn’t changed much post exploitation, its spreading and distribution methods – and its worm-like behavior – are much different than described in previously published articles. Throughout our research, we have observed an infrastructure that appears to be made out of a hodge-podge of vulnerable and exploited servers hosting the initial payload of the malware,…

Source…

U.S. charges two alleged members of APT10 Chinese hackers group – TechGenix

U.S. charges two alleged members of APT10 Chinese hackers group  TechGenix

Two alleged members of the APT10 Chinese hackers group have been charged with serious cybercrimes by the U.S. government.

“chinese hackers” – read more

China-based hacker group APT10 now targeting firms in India: US cybersecurity group – FactorDaily


FactorDaily

China-based hacker group APT10 now targeting firms in India: US cybersecurity group
FactorDaily
Raising an alarm for IT service providers and manufacturing companies in India, US-based cybersecurity group FireEye has claimed that China-based cyber espionage group APT10 is using a new set of tools to steal confidential business data from domestic …

and more »

China hackers – read more