Tag Archives: targeted attacks

China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services

A new report by PwC UK and BAE Systems has revealed a sophisticated cyber campaign “of unprecedented size and scale” targeting managed IT service providers (MSPs). The campaign, dubbed Operation Cloud Hopper, was motivated by espionage and information gathering, as evidenced by the attackers’ choice of high value and low profile targets.

The authors of the report were able to conclude that Operation Cloud Hopper is almost certainly the work of a previously known group called APT10. The APT10 group is already well known in the world of cybersecurity, and it is a widely held view that it is based in China.

Using forensic analysis of operational times and IP zones, the authors of the report were able to establish with a high level of certainty the identity of the group, its location in China, and the extent of the campaign. They were even able to sketch a portrait of the group’s workday, including “a two hour lunch break”.

“Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks,” Richard Horne, cyber security partner at PwC, recently told the BBC.

APT10 appears to be a well-staffed, highly organized operation with extensive logistical resources. According to the report, the group uses a variety of customized open-source software, original bespoke malware, and spear phishing techniques to infiltrate their targets’ systems.

Their strategy of choosing MSPs as a primary target has given them “unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally,” according to the report. “Given the level of client network access MSPs have, once APT10 has gained access to a MSP, it is likely to be relatively straightforward to exploit this and move laterally onto the networks of potentially thousands of other victims.”

Luis Corrons, technical director of PandaLabs, points out that carefully selecting targets, and customizing attacks accordingly, is more common every day. “Aside from the myriads of common cyberattacks businesses regularly have to deal with, nowadays we are witnessing huge increases in the amount of attacks in which cybercriminals are actually inside their victim’s network, adapting to his defenses and carrying out strikes with surgical precision as they target specific assets,” wrote Mr. Corrons in an email.

The Cloud Hopper campaign comes at a time when geopolitical tensions are increasingly crossing over into the realm of cyberespionage and cyberwarfare. Though the report does not openly suggest that there was any involvement on the part of the Chinese government, it does point out that the targeting of diplomatic and political organizations, as well as certain companies, “is closely aligned with strategic Chinese interests.”


Adaptive Defense Lets You Rest Easy

Fortunately, targeted attacks, even sophisticated ones perpetrated by highly professional groups like APT10, are a piece of cake for Panda’s Adaptive Defense. As it sees absolutely everything happening on all computers, it can stop these kinds of attacks proactively. Adaptive Defense can also provide forensic information about threats, by giving detailed and intelligent traceability for everything that happens on a company’s IT infrastructure — threat timeline, information flow, the behavior of active processes, etc.

Adaptive Defense 360 is the first cybersecurity managed service that combines next-generation protection (NG EPP) and detection and remediation technologies (EDR), with the ability to classify 100% of running processes. With this innovative technology, it is able to detect and block malware that other protection systems miss.

The post China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services appeared first on Panda Security Mediacenter.

When cyber-security becomes an affair of state


The Netherlands, France and Germany will hold presidential elections in the coming months. These electoral processes take place in the wake of the U.S. elections, during which Russian cyber-attackers leaked thousands of Democratic National Committee emails, which some claim may have affected the election result – a possibility ruled out by President Trump, despite his finally admitting the existence of said attacks.

Dutch authorities will count all election ballots by hand to stop hackers.

Following the events on the other side of the pond, some European leaders are now worried that Russian cyber-espionage groups may try to influence their elections in order to help far-right candidates. European Security Commissioner Julian King has admitted that cyber-attacks could be used “to manipulate democratic processes.” More specifically, cyber-security experts fear the possibility that phishing attacks may be used to extract confidential information that tarnishes the reputation of certain candidates, as was the case with Hillary Clinton.

Growing cyber-security fears ahead of coming European elections 

The first elections will take place in the Netherlands, where voters will go to the polls on March 15. The Dutch government has resorted to extreme measures to combat cyber-attacks aimed at manipulating the general election. In fact, Dutch authorities have announced that they will count all ballots cast by hand, and will communicate the election results by phone to avoid any risk of hackers messing with the results. This announcement was made after a cyber-security expert stated that the software used at Dutch polling stations is vulnerable to hacking.

The two rounds of France’s 2017 presidential elections will take place on April 23 and May 7, and French authorities are warning political parties about the increased threat of cyber-attacks. French Defense Minister Jean-Yves Le Drian recently said that in 2016 about 24,000 external attacks against his ministry were blocked by security, and warned of a real risk of cyber-attacks on French civil infrastructure such as electricity, telecommunications and transport.

Germany will hold its federal election on September 24. According to Stefan Soesanto, cyber-security expert at the European Council on Foreign Relations, the German federal system could lead to communication failures among security teams. Just a few months ago, German Chancellor Angela Merkel expressed her concern that Russia could try to influence Germany’s general elections, and recently indicated that security will be a key issue in the election campaign.

Taking all of this into account, it seems clear that cyber-security will play a key role in stopping cyber-attacks from having an impact on Europe’s upcoming elections. However, it is not only political parties that must step up their defenses. The best way for your organization to protect itself against cyber-attacks, including phishing emails, is to have an advanced cyber-security solution in place, such as Panda Security’s Adaptive Defense 360. Prevention, detection, response and remediation become an affair of state.

The post When cyber-security becomes an affair of state appeared first on Panda Security Mediacenter.

Microsoft Patches Zero Day Disclosed by Google

Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang.

Attributing Advanced Attacks Remains Challenge For Researchers

Kaspersky Lab researchers participated in a Reddit AMA, touching on topics such as attack attribution, critical infrastructure security, attacker and researcher tradecraft, and the shortage of security talent.

Misunderstanding Indicators of Compromise

In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence.