China accused of cyber espionage by state-sponsored hackers
Law enforcement agencies and intelligence services from Australia, New Zealand, Canada, the United States, Japan and the United Kingdom accuse the People’s Republic of China for conducting malicious cyber operations against Western government organizations.
A hacking group called APT40, also known as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk, is believed to target Western institutions by order of the Chinese Ministry of State Security.
In an advisory published by the Cybersecurity & Infrastructure Security Agency (CISA), the law enforcement agencies point out APT40 primarily focusses their attention on vulnerable servers and network devices that are end-of-life or are no longer maintained by IT professionals.
The state-sponsored hacking group then rapidly deploys exploits in order to gain access to networks. The group capitalizes on public vulnerabilities in globally used software such as Log4J, Atlassian Confluence and Microsoft Exchange.
APT40 regularly uses web shells to maintain access to the victim’s digital environment.
Investigation showed that the hacking group is misusing the unauthorized access to upload arbitrary files and exfiltrate confidential data, including privileged authentication credentials for lateral movement in a compromised network. Because of this no additional hacking tools are needed to retain access to exploited devices.
CISA warns there’s a lack of comprehensive and historical logging information, including web server request logs, Windows event logs and internet proxy logs. To improve the effectiveness and speed of digital investigations, organizations should consider to centralize logs for a suitable period of time.
Other recommendations include implementing a centralized patch management system to promptly patch all internet exposed devices and services, network segmentation to block lateral movement, using multi-factor authentication (MFA) to make it harder for hackers to access vulnerable networks, and replacing all end-of-life equipment.
Your email address will not be published. Required fields are marked