SectorB23 group was found to be active in Germany. In this attack, they used malwares disguised as installation programs of Adobe Flash Player. The group also used MS exchange server vulnerabilities to attack public resource providing companies. SectorB22 group was found to be active in Pakistan and Vietnam. SectorB10 group used the vulnerabilities of MS exchange server, and malwares written in Delphi that were used by the group in the past were identified together. The group also used MS exchange server vulnerabilities, along with SysUpdate backdoor, tools to search NETBIOS name servers and tools to serve HTTP Tunneling functions. SectorB03 group was found to be active in Hong Kong, Taiwan, China, and the United States. During this period, attacks using vulnerabilities of MS Exchange were found, and along with the previously used ShadowPad malware, various tools such as Mimikatz were found to have been used by SectorB01 groups in the attack. The group attacked main infrastructures such as India’s electricity providing power plants, and multiple domains deduced to have been used in the attacks were identified. SectorB01 group was found to be active in India, Taiwan, the United States, the Philippines, Indonesia, and Iran. The LNK file was disguised as a regular program using the file name ‘adobeagent.lnk’.Īmong the SectorB groups supported by the Chinese government, activities by a total of 7 hacking groups were identified this March, and the groups are SectorB01, SectorB03, SectorB10, SectorB22, SectorB23, SectorB25 and SectorB35 groups. LNK format malwares were identified in this activity, which carries out various commands through PowerShell upon execution. SectorB32 group was found to be active in Russia. The attackers intruded the update process of NoxPlayer, an Android emulator, to lead the users to download update programs containing malicious functions. SectorB22 group was found to be active in Taiwan, Hong Kong, Sri Lanka, Uganda, Poland, and Canada. The main targets of this activity were Japanese corporations located in Japan or having overseas branches, and the attacker used vulnerabilities of SSL-VPN as their initial access methods. SectorB04 group was found to be active in Japan, Turkey, and the United States. Among the SectorB groups supported by the Chinese government, activities by a total of 3 hacking groups were identified this February, and the groups are SectorB04, SectorB22 and SectorB32 groups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |