Telecommunication Attacks on the U.S. and South East Asia: APT-5

APT-5 has been a frequently active threat since 2007. It targets countries with telecommunications, defense and tech firms that support high-tech manufacturing, such as the US along with major Asian and European countries.


Major Target Areas

Wireless communications are said to be the most attacked division, but other divisions, such as grid-area communication, regional telecom providers, Asia-based communication, satellite communications and military applications, are equally targeted.




APT 5

The goal is simple yet lethal: the group modifies files and leaves little trace. It becomes lethal when this is done in satellite communications and military software programs, because the images taken of confidential proprietary material are exposed. Regardless of the operating system, even embedded operating systems connected to an IP network are vulnerable. This happens when computer files are introduced with keylogger-enabled malware that supports the application used by this group. Phishing e-mails are likely to be considered another possibility.



Threat Vectors

APT 5 appears to be a large threat group with its focus on telecommunications. It is also said to have subgroups that support its goal. In 2014, US telecommunications were breached and some important data was compromised.

In one observation of South military communication, the actors were found to have stolen military technology files, which suggests the attackers were interested in technology under development and equipment files. In some of their attacks on US telecommunications and satellites, router images were not only downloaded but modified, with the original images kept out of reach.

Further examples are files that contain product specifications, emails regarding technical purchases, and government proposals for product purchases such as unmanned aerial vehicles (UAV).

UAV Licensing


In 2015, a new amendment act was introduced by the FAA requiring a license to operate a UAV. This was done because of a casualty that occurred in 2005 and was reported in 2011, which made obtaining a license mandatory. This shows how military and defense technological advances play a vital role in competing against their axis countries.


Associated malware

Pitchfork, Poison Ivy, GIF89A, Farcry, Tightrope, Cleanact, Cyfree, Hazelnut and Coolwhip are a few of the many malware families used in these attacks.




Pitchfork

Aim

It is a software tool with directory files for trading and shares. It helps in graphing three different types of share market simultaneously.

Vulnerability

It had an improper privilege management vulnerability in Trident Pitchfork components that could let a standard unprivileged user gain system administrator privileges within the web portal. Using the exploit, attackers can log in and edit or delete the profiles present in the admin area.


Poison Ivy

Aim

It is a library file that allows a Java application to be delivered without bundling other library dependencies. It allows a backdoor to be created that copies its own file into the System32 folder.

Vulnerability

One of its biggest vulnerabilities is that the backdoor can be configured to inject itself into a browser before it creates an online connection, which helps it bypass the firewall.
This bypass over the System32 folder lets the attackers extract every file present in it and infect the computer.

Example





GIF89A

Aim

Graphics Interchange Format (GIF) is a protocol for the online transmission and interchange of raster graphic data that is independent of the display hardware. It provides the necessary protocol blocks and sub-blocks for the architecture built on it.

Vulnerability

icqateimg32.dll, a parsing/rendering library in ICQ Pro, was found to be vulnerable. It causes a denial of service when GIF89A headers are malformed: when an image descriptor is not provided properly, the bug in the library file is triggered, creating a possible chance for unauthorized access.

Example
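As an added example, not from the original post, here is a defender-side Python parser that checks the GIF89a header, logical screen descriptor and image descriptor lengths and bounds before any field is trusted, so a truncated or off-screen image descriptor is reported as an error instead of being passed on to a renderer. The block layout follows the published GIF89a specification; the sample bytes are constructed here.

```python
import struct

HEADER_LEN, LSD_LEN, IMAGE_DESC_LEN = 6, 7, 10  # introducer 0x2C + 9 bytes

class MalformedGif(ValueError):
    pass  # raised instead of crashing when the GIF structure is invalid

def _need(data: bytes, off: int, n: int, what: str) -> None:
    # Every read is length-checked first, so a truncated field is an error, not an out-of-bounds read.
    if off + n > len(data):
        raise MalformedGif(f"truncated {what} at offset {off}")

def parse_gif89a(data: bytes) -> dict:
    """Validate header, logical screen descriptor and the first image descriptor."""
    _need(data, 0, HEADER_LEN + LSD_LEN, "header/logical screen descriptor")
    if data[:HEADER_LEN] not in (b"GIF89a", b"GIF87a"):
        raise MalformedGif("bad signature/version")
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, HEADER_LEN)
    off = HEADER_LEN + LSD_LEN
    if packed & 0x80:  # global colour table flag: 3 * 2^(N+1) bytes follow
        gct_len = 3 << ((packed & 0x07) + 1)
        _need(data, off, gct_len, "global colour table")
        off += gct_len
    while True:
        _need(data, off, 1, "block introducer")
        intro = data[off]
        if intro == 0x3B:
            raise MalformedGif("trailer reached before any image descriptor")
        if intro == 0x21:  # extension: label byte, then size-prefixed sub-blocks
            _need(data, off, 2, "extension label")
            off += 2
            while True:
                _need(data, off, 1, "sub-block size")
                size, off = data[off], off + 1
                if size == 0:
                    break
                _need(data, off, size, "sub-block data")
                off += size
            continue
        if intro != 0x2C:
            raise MalformedGif(f"unknown block introducer 0x{intro:02x}")
        _need(data, off, IMAGE_DESC_LEN, "image descriptor")
        left, top, iw, ih, ipacked = struct.unpack_from("<HHHHB", data, off + 1)
        if iw == 0 or ih == 0 or left + iw > width or top + ih > height:
            raise MalformedGif("image descriptor outside the logical screen")
        return {"screen": (width, height), "image": (left, top, iw, ih),
                "local_colour_table": bool(ipacked & 0x80)}

# Constructed sample: a 4x4 GIF89a whose only block is a 4x4 image descriptor.
SAMPLE = b"GIF89a\x04\x00\x04\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x04\x00\x04\x00\x00"
```

Feeding the same bytes with the descriptor cut short, or with a descriptor larger than the screen, raises MalformedGif rather than producing an out-of-range read.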






Farcry

Aim

It is a TypeScript library for type-safe RPC over HTTP. The goal is a server application with a single source of truth: a library that combines the work of other tools without adding a new workload, into a powerful solution.

Vulnerability

Cross-site scripting was the vulnerability found in various viable enterprise databases such as MSSQL, MySQL and Oracle. It exists because input passed to the search parameters of the search module is not properly sanitized before being returned to the user.

This allows attackers to create a specially crafted URL that executes arbitrary code in the victim's browser.

Example
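As an added example (not from the original post or the Farcry project), the reflected search parameter in its vulnerable and hardened forms in Python: the search module's q value echoed back verbatim versus escaped on output, plus a response header and a detection check for test suites. The URL shape and the CSP value are assumptions for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

def _search_term(url: str) -> str:
    # The search module's input: the "q" query parameter, URL-decoded.
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_search_vulnerable(url: str) -> str:
    """'Before' form: the term is interpolated into HTML unchanged,
    so any markup in the URL becomes live markup in the response."""
    return f"<h1>Results for: {_search_term(url)}</h1>"

def render_search_hardened(url: str) -> str:
    """'After' form: escape at the point of output so <, >, & and quotes
    in the term are rendered as text (html.escape is the stdlib call)."""
    return f"<h1>Results for: {html.escape(_search_term(url), quote=True)}</h1>"

def response_headers() -> dict:
    """Defence in depth for the same page: an assumed CSP that blocks inline
    script even if an escaping bug slips through elsewhere."""
    return {"Content-Type": "text/html; charset=utf-8",
            "Content-Security-Policy": "default-src 'self'; script-src 'self'"}

def reflects_markup(rendered: str) -> bool:
    """Detection check for a test suite or log review: does the response
    carry a tag or handler that was never part of the template?"""
    body = rendered.lower()
    return "<script" in body or "onerror=" in body or "javascript:" in body

# Constructed inputs: a probe URL with a harmless script body, and a normal search.
PROBE_URL = "/search?q=%3Cscript%3E%2F%2Aprobe%2A%2F%3C%2Fscript%3E"
NORMAL_URL = "/search?q=router+images"
```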









Tightrope

Aim

It is a library file that makes slash-writing commands easier. It turns any command into a text file and makes it readable to other WAI-commandable programs.

Vulnerability

A directory in the system (C:\TRMS\Services Directory) had insecure permissions that the attackers could use. It is said to have been a default bug that later became a vulnerability. It gave the attackers access to extract data and escalate privileges from a restricted account to full system by replacing the Service.exe file with their own customised, mutilated file.

Example











So these are some of the many software packages, scripts and library files that are modified into malware by abusing their vulnerabilities to serve the attackers' goals.


Also, don't forget to check out our previous posts on other APTs. Stay tuned for APT-6.
