New attack from APT31 targets Russia, US, and Canada

Photo caption: China’s new privacy law requires state-owned and private-sector businesses that handle personal information to minimize data collection and obtain prior consent. Copyright AFP / File GREG BAKER

Positive Technologies Expert Security Center has revealed details of a new cyberattack launched by APT31, a criminal group known for targeting government agencies around the world. The threat originates from China.

In the course of this attack, more than 12 malicious emails were sent worldwide between January and July 2021. Traces of the group were found in the United States, Canada, Mongolia, the Republic of Belarus and, for the first time, Russia.

The attacks use malicious content that has not been seen before: the group’s new tool is a remote access Trojan that lets the criminals control the victim’s computer or network and steal files from infected machines.

A remote access Trojan is a tool malware developers use to gain full remote control of a user’s system, including control of the mouse and keyboard, access to files, and access to network resources.


Detailed analysis of the malware samples, together with numerous overlaps in features, techniques, and mechanisms with earlier activity, allowed the researchers to attribute the detected samples to APT31.

In particular, the researchers detected a link to the phishing domain inst.rsnet-devel[.]com, which mimics the domain used by federal agencies and regional government bodies of the Russian Federation for their Internet segment. The domain is designed to mislead government officials and companies that work with government agencies.
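The domain above works because it embeds a name its targets trust. A defender can hunt for the same pattern in proxy or DNS logs by checking every destination against the organisation’s protected names. The script below is an added example and not Positive Technologies’ tooling; the allow-list entry `rsnet.ru`, the protected token `rsnet`, and the log lines are constructed for the illustration, and the registrable-domain logic is a simplification that treats the last label as the public suffix.

```python
"""Flag lookalike destinations in proxy logs (added example, constructed data)."""
import re

# Constructed: the registrable name we consider legitimate (an assumption about
# which real domain the phishing name imitates; replace with your own).
ALLOWED = {"rsnet.ru"}
# Constructed: brand tokens we never expect to see inside a third-party domain.
PROTECTED_TOKENS = ["rsnet"]

DEFANG = [("[.]", "."), ("(.)", "."), ("hxxp", "http")]


def refang(s: str) -> str:
    """Turn analyst-style defanged indicators (inst.rsnet-devel[.]com) into real names."""
    for old, new in DEFANG:
        s = s.replace(old, new)
    return s.lower().strip(".")


def registrable(domain: str) -> str:
    """Registrable part (label + TLD). Simplification: last label is the public
    suffix, which holds for .com/.ru but not for multi-label suffixes like co.uk."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats of a protected token."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str):
    """Return a reason if the domain impersonates a protected name, else None."""
    reg = registrable(refang(domain))
    if reg in ALLOWED:
        return None
    label = reg.split(".")[0]
    for tok in PROTECTED_TOKENS:
        if tok in label:                      # rsnet-devel.com, rsnet-login.com, ...
            return f"contains protected token '{tok}'"
        if levenshtein(tok, label) <= 1:      # rsnnet.ru, rsnet.ru on another TLD, ...
            return f"within edit distance 1 of '{tok}'"
    return None


LOG_RE = re.compile(r"dst=(?P<dst>\S+)")

# Constructed proxy log lines for the demonstration.
SAMPLE_LOG = """\
2021-03-04T10:22:01Z src=10.0.0.5 dst=inst.rsnet-devel[.]com action=allow
2021-03-04T10:22:07Z src=10.0.0.5 dst=portal.rsnet.ru action=allow
2021-03-04T10:23:40Z src=10.0.0.9 dst=rsnnet.ru action=allow
2021-03-04T10:24:02Z src=10.0.0.9 dst=www.example.com action=allow
"""


def scan(log_text: str):
    """Return [(destination, reason)] for every log line whose destination looks suspicious."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        dst = refang(m.group("dst"))
        reason = classify(dst)
        if reason:
            hits.append((dst, reason))
    return hits


if __name__ == "__main__":
    for dst, reason in scan(SAMPLE_LOG):
        print(f"{dst}: {reason}")
```

The substring rule is what catches the domain named above; the edit-distance rule is there for the typosquat variants that a substring match misses. Both produce alerts for review rather than blocks, since a protected token can legitimately appear in a partner’s domain.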

What is known about the group’s new tools:

  • It uses techniques to avoid detection and self-deletes after achieving its goal, removing all files and registry keys it created.
  • In some cases, such as the attacks in Mongolia, the dropper is signed with a valid digital signature that was most likely stolen, demonstrating the attackers’ high level of expertise.
  • The malware can be used as part of a global campaign that includes cyber espionage.
  • To make the malicious library look like the original, the criminals named it MSVCR100.dll. A library with exactly that name is part of Visual C++ for Microsoft Visual Studio and is present on almost every computer. In addition, the malicious library exports the same names found in the legitimate MSVCR100.dll.
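Because the malicious library copies both the name and the export names of the real MSVCR100.dll, and because the page notes that a valid (stolen) signature cannot be taken as proof of legitimacy, the useful signals for a hunt are where the file sits, who actually signed it, and whether its hash matches a known-good copy. The following is an added example of that logic over a file inventory of the kind an EDR or asset agent produces; it is not code from Positive Technologies. The inventory records, the "known-good" hashes and the publisher name are constructed placeholders.

```python
"""Hunt for masquerading runtime DLLs in a file inventory (added example, constructed data)."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional


@dataclass
class FileRecord:
    path: str
    sha256: str
    signer: Optional[str]   # subject CN of the Authenticode signer, None if unsigned


# Library names that are common impersonation targets, with the publisher we expect
# to have signed them and the OS directories where the genuine copy lives.
EXPECTED = {
    "msvcr100.dll": {
        "publisher": "Microsoft Corporation",
        "dirs": (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs"),
    },
}

# Constructed: hashes of known-good copies taken from a gold image (placeholders).
KNOWN_GOOD = {
    "msvcr100.dll": {"sha256:GOLD-IMAGE-X64-PLACEHOLDER", "sha256:GOLD-IMAGE-X86-PLACEHOLDER"},
}


def assess(rec: FileRecord) -> List[str]:
    """Return the reasons a record looks like a masquerading DLL (empty list if it is fine)."""
    name = PureWindowsPath(rec.path).name.lower()
    rule = EXPECTED.get(name)
    if rule is None:
        return []                                    # not a name we track
    if rec.sha256 in KNOWN_GOOD.get(name, set()):
        return []                                    # byte-identical to a trusted copy
    findings = []
    if not any(rec.path.lower().startswith(d) for d in rule["dirs"]):
        findings.append("runtime DLL outside OS directories")
    if rec.signer != rule["publisher"]:
        # A signature being *valid* is not enough: the page notes the dropper carried a
        # valid but likely stolen certificate. The signer identity must match.
        findings.append(f"signer {rec.signer!r} is not {rule['publisher']!r}")
    findings.append("hash not in known-good set")
    return findings


def hunt(inventory: List[FileRecord]):
    """Map each suspicious path to its findings."""
    out = {}
    for rec in inventory:
        findings = assess(rec)
        if findings:
            out[rec.path] = findings
    return out


# Constructed inventory for the demonstration.
INVENTORY = [
    FileRecord(r"C:\Windows\System32\msvcr100.dll", "sha256:GOLD-IMAGE-X64-PLACEHOLDER", "Microsoft Corporation"),
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\update\MSVCR100.dll", "sha256:CONSTRUCTED-1", "Some Other Vendor Ltd"),
    FileRecord(r"C:\Program Files\Contoso\MSVCR100.dll", "sha256:CONSTRUCTED-2", "Microsoft Corporation"),
    FileRecord(r"C:\Program Files\Contoso\contoso.exe", "sha256:CONSTRUCTED-3", "Contoso"),
]


if __name__ == "__main__":
    for path, findings in hunt(INVENTORY).items():
        print(path)
        for f in findings:
            print("   -", f)
```

Application-local copies of the Visual C++ redistributable are common, so the third record will show up with only the location and hash findings; in practice the known-good set must include every redistributable build the organisation deploys, and the hit worth escalating is the one whose signer is not the expected publisher.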

Even more worrisome, Positive Technologies researchers believe the malware is only at version 1.0, based on values embedded in the code and contained in the network packets.

This trend shows that the hacker group is expanding its areas of interest. The researchers expect further attacks from the group, including against Russia, to come to light soon. Given the changes made over the past year, they believe the group is not afraid to significantly rework its tools, so future malicious programs may be completely different from those already investigated.
