The precedence of Cyberwar from China APT-2

By -

Welcome to the Cyber precedence of China Part-2, Today we are just curious to learn about how APT-2 attack was successfully conducted by targeting Military and Defense network. APT-2 doesn't damage any property instead it was stealing all the information from the unencrypted web and network interface. If you are curious to know about APT-1 and what APT does, check our first previous blog.

APT-2 Consists of two main Malwares

  • MOOSE
  • WARP

Moose Malware
                                                                                                                                Source: LinuxInsider
 

Chinese Attackers combined these two malwares and created a new attack vector. Before understanding what is APT-2 we need to know how these malwares work individually.

 

 

MOOSE Malware

MOOSE Malware was created to target  Linux based system which runs on ARM and MIPS Architecture. The main motto of creating this malware is to steal the cookies present in the network and send it to c2c servers. This malware targeted Routers, modems and devices provided by the ISP's. Initially this was introduced into the web through phishing attacks and by visiting unencrypted websites "HTTP".

Once the device gets affected it used to pick up all the cookies automatically. The creators primarily targeted Social media platforms like Instagram, Facebook, YouTube and so long as they were using HTTP at that time. While the people were so curious about to likes, follows and comments the hackers decided to use their cookie for creating multiple accounts using those details.

Social media platforms used to block creating multiple accounts by tracking down the IP. Modern techniques are being introduced today but, in 2012 there were no modern methods deployed to avoid frauds. 

 

  

MOOSE Working

Once it reached a Linux desktop/ laptop is used to look for the DNS and the servers connected with the machine. Then using its multi threading capacity it uses to find all the IP within and outside the network. Once those basic recon is done it then brute forces the Telnet and the FTP passwords. It had a list of passwords that the vendor was using to actually protect the devices while shipping. These passwords are pronounceable and easily crackable. It periodically checks for the TCP port where the above-mentioned services were running. From there it is used to steal the cookie and send it to C2C server. It also affected various Windows servers and desktops.

WARP Malware

WARP Malware is a Trojan created from old school name Zxarps. The main work of this Trojan is to behave as a router. Once the system gets infected with WARP Trojan the systems tends to behave as a router and asks all the device to send its ARP Request to the infected device. A sample ARP request is shown below

ARP Request


You can even capture your ARP request and response through a Wireshark interface. Once you actually expand the message there will be multiple data going in and out of your device. The WARP malware is used to inject the <iframes> into the website that the user is visiting, and even the user is not aware about it. So once the iframe is injected users visiting that particular website all over the website will slowly become vulnerable. This Trojan is actually an category of Adware in China.

Once iframe is injected the hacker can literally brute force the logins, find passwords if is really not configured properly and moreover he can actually modify the website from his licking by using a proxy. Click here to know more about <iframe and HTML Injection>.

 


 

APT-2

Once these malwares infected in a network then they tend to steal the IP address, website details, Username, passwords and cookie value. By using all these values the hackers can create multiple accounts using your cookie value, and then they can actually do many things all they like.  

Prevention

  • Change Default Passwords
  • Use strong password policy
  • Configure the website properly 
  • Perform periodic security checks
  • Update your system firmware once released by vendors


For more details and references visit our sitemaps.

Comments

Post a Comment

Popular posts from this blog

Banning that paved the road to success for The Indian Apps

By -
Image
We all know about the Chinese apps ban done in India which created a tornado among the digital life not only destroyed the income of China apps but created new fields for the Indian Apps to blossom among us. Before I explain about various Indian apps that rose to our attention, we all need to know a little details about the security clearances an app posses. Every apps we install asks for permissions and we simple press accept all without giving a second thought why it asks and what's the requirements. Let me tell a real scenario to you which it took place on Aug '19. When my cousin and I were talking about ghosts incident, are they real or not! and during our conversation we were transferring a movie to one of our mobiles via ShareIt. Before our session, ShareIt showed some travel related contents as we were traveling, post this conversation, ShareIt app showed us the ghost related prank videos. We were shocked so I did a research about t...
Read more

The Millionaire: ProFun into A ProFession

By -
Image
The world stuck by thunder and everything stood still . During this pandemic situation people started to realize the worth of their life and the precious time they hold. This made everyone to value their loved ones and they utilize their time worthwhile. Among them, the gamer’s started to think productively and the perspectives have been changed about How to earn money!  Have you ever heard about the word   streamers?   Well, no sweat, you're gonna be Insinuated. Gaming started to bloom around the world in the late 2000 ’s . Children  used to play video games by  using the various electronic console-like brick game, video games using the game chip.  A s an up-gradation,   play station reached the  gaming market for  the graphics and the gameplay . The experience was immeasurable   when compared with previous gaming . When the play station was donning the gaming market, PC games came with a price tag, that is far more affordable ...
Read more

How UK invented biscuits and established globally

By -
Hello and welcome to my first post of our blog!!! Here we're gonna see some interesting facts(a product that we consume daily) in my first post.                         Origin of Biscuits   In my country, elders usually carry biscuits whenever they visit their relatives. Even diabetes patients consult themselves towards biscuit, which is enriched in high-fibre. It shows that biscuits have made a major impact on our daily life. Regardless of age, biscuits are favoured by everyone. Have you ever imagined how it was originated? Okay, before we get deeper into it, I wanna share some interesting facts that I found while doing my research. Prepare to be baked! The biscuit was invented before World War I The inventor of the biscuit served under Queen Victoria, though he owns his factory. Biscuits were found to be one of the favorite consumables for sailors. The UK nearly had about 30% of exports share in biscu...
Read more