
China-linked hacking gang ‘APT10’ named as probable actor behind extended attacks on Japanese companies

Campaign even targeted branch offices inside China and sought secrets of automotive and engineering companies

Broadcom’s security subsidiary Symantec has named a China-linked hacking gang known as “APT 10” and “Cicada” as the probable source of a year-long attack on Japanese interests around the world.

Symantec’s analysis of the campaign detailed how APT 10 used custom malware named Backdoor.Hartip, plus more prosaic methods such as DLL side-loading and exploitation of the ZeroLogon vulnerability in Windows Netlogon, which the US Cybersecurity and Infrastructure Security Agency considered serious enough to justify an unusual hurry-up-and-patch-ASAP warning notice.

Cicada may even have used those tools within China, an unusual act, as hacking gangs generally prefer to operate outside their home territory. Symantec suggests Cicada did so because its mission was to hit Japanese companies’ operations around the world and suck out data about those operations – especially from automotive companies. Firms in the fields of electronics, engineering, manufacturing, pharmaceuticals, and professional services were also among the targets.

The attack ranged across South-East Asia and stretched into Europe, North America, and even had a crack in the United Arab Emirates.


Symantec detected the attack after noticing DLL side-loading at one customer and, upon investigation, observed similar actions around the world.

Once target networks had been compromised, Symantec observed abuse of local Active Directory implementations, credential theft, and archiving of files before their exfiltration to public clouds.
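The two behaviours Symantec says gave the campaign away, a signed executable loading a DLL from its own directory rather than from System32, and bulk archiving of files ahead of exfiltration, are both cheap to hunt for in endpoint telemetry. The following is an added example written for this page, not code from Symantec or from The Register: it runs two simple checks over a handful of constructed Sysmon-style image-load (Event ID 7) and process-creation (Event ID 1) records. The DLL list, the archiver list and every path and command line in the sample log are assumptions made up for the illustration, not indicators from the report.

```python
"""Hunt for DLL side-loading and password-protected archive staging in
Sysmon-style JSON events.  Added illustration only; the sample events,
DLL names and archiver names below are assumptions for this example and
are not indicators taken from Symantec's report."""
import json
from pathlib import PureWindowsPath

# DLL names that legitimate signed executables commonly resolve from their own
# directory before the system directory (assumed, not an exhaustive catalogue).
SIDELOAD_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll", "msvcr100.dll"}
# Loads from these directories are the normal case and are not flagged.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
# Archivers whose command lines are checked for a password switch (assumed list).
ARCHIVERS = {"7z.exe", "7za.exe", "rar.exe", "winrar.exe"}

# Constructed sample log: one Sysmon-style event per line, made up for this example.
SAMPLE_LOG = r'''
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\Public\\Update\\OneDriveSetup.exe", "ImageLoaded": "C:\\Users\\Public\\Update\\version.dll", "Signed": "false", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\msvcr100.dll", "Signed": "true", "SignatureStatus": "Valid"}
{"EventID": 1, "Image": "C:\\Windows\\Temp\\7z.exe", "CommandLine": "7z.exe a -phunter2 C:\\Windows\\Temp\\out.7z C:\\Users\\eng\\Documents\\"}
{"EventID": 1, "Image": "C:\\Program Files\\7-Zip\\7z.exe", "CommandLine": "7z.exe x backup.7z"}
'''


def parse_events(log_text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def _is_system_path(path):
    return path.lower().startswith(SYSTEM_DIRS)


def find_sideloads(events):
    """Return (host_exe, dll) pairs where a commonly side-loaded DLL name was
    loaded from the host executable's own directory, outside the system
    directories, and the DLL is unsigned or its signature did not validate."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        host = PureWindowsPath(ev["Image"])
        loaded = PureWindowsPath(ev["ImageLoaded"])
        if loaded.name.lower() not in SIDELOAD_DLLS or _is_system_path(str(loaded)):
            continue
        same_dir = loaded.parent == host.parent  # PureWindowsPath compares case-insensitively
        unsigned = ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid"
        if same_dir and unsigned:
            hits.append((str(host), str(loaded)))
    return hits


def find_password_archives(events):
    """Return command lines where a known archiver was run with a password
    switch (-p<pw> for 7-Zip/RAR, -hp<pw> for RAR header encryption), the
    typical staging step before data leaves the network."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        if PureWindowsPath(ev["Image"]).name.lower() not in ARCHIVERS:
            continue
        args = ev.get("CommandLine", "").split()
        if any(a.startswith(("-p", "-hp")) for a in args[1:]):
            hits.append(ev["CommandLine"])
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for host, dll in find_sideloads(evts):
        print(f"possible side-load: {host} loaded {dll}")
    for cmd in find_password_archives(evts):
        print(f"password-protected archive staging: {cmd}")
```

The side-load rule deliberately requires all three conditions (well-known DLL name, non-system directory, unsigned or unvalidated) so that a vendor shipping its own signed copy of a runtime DLL next to its application, as in the third sample event, is not flagged. In a real deployment both lists would come from your own baseline rather than the assumed values above, and the archive check would be joined with outbound connections to cloud storage to complete the exfiltration picture the article describes.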

Some of the efforts involved obfuscation techniques and shellcode on loader DLLs that Symantec has seen Cicada use in past attacks, leading the firm to name the gang with “medium confidence”. Allegations of Cicada/APT10’s links to China were made by the US Department of Justice in 2018, when it was alleged that IBM and HPE were among the gang’s victims. ®
