Initial Infiltration of Construction and Engineering APT-6 & APT-7

By -

Both APT 6 & APT 7 are so similar but with the slightest differences. They both steal something that's not the same yet similar.

Construction, Aerospace, Engineering and defense industrial estate are targets of APT 7. For APT 6, they share the same domain but with additional targets, Transportation, construction and materials.


The attacked areas are also similar, as in

The APT 6's goal is to heist a data, whereas the APT 7 steals intellectual property.

 

            Credits: Kaspersky

If you are new to this post and not aware of about what APT is check out our first blog listed under APT which will provide you more insights.

Advanced Persistent Thread-6

  • Anonymity
  • FBI alert
  • The backdoor
  • RAT
  • Prevention techniques

Anonymity 

The cybersecurity elite group confirmed that their digital signatures were so unique, meaning this APT-6 digital signature were entirely new. Zscalar who actually informed FBI saying that many organizations was attacked by a new APT group. They took it in a lethargic way like this happen later they realized. Between the thread group were stealing sensitive information for a period a one month. 



 

FBI Alert

FBI issued a high alert for the organizations in the US. The public Alert named as "FBI FLASH Alert A-000067-DM, 12 FEB 2016". This was later posted in alien vault for a public awareness. 

While we were collecting data about the APT6 we collected information about the name of the malware and the backdoor used but, we can't find the malware functionalities. There might be a chance that the malware can't be broke nor the government didn't want to disclose the IOC to the public. For Thai CERT report, click here. Unlike other APT this also started with a spearfishing point.

The Backdoor- Poison Ivy 

 

                                                                                                                                                                      Credits: Empello

It's a rat Trojan that allows the attackers to customize the file and execute it as an RAT malware. It consists of two main parts, one is initializing and maintenance code and networking code. At first a particular file of the malware is sent over spearfishing mail and then other parts are downloaded using a web server that are supported by the PIVY file. This malware is designed in such a way that even a user manually stops the execution, it still enables itself by use of the CALL instruction embedded in it. APT-6 used a modified version of poison Ivy to make connection with the command and the control  server option.

What is RAT?

RAT(Remote Access Trojan) is a malware which gains admin privilege access when the user executes it. 

 

 
Credits: Cisco
 
This malware file typically transferred via spearfishing mails or by download cracked version software programs/games. Once the attacker gains access to the system, then they try to turn them into a botnet by affecting the entire network. Some major features of RAT Malware are
  • Key logging
  • Screen capturing
  • Video capturing
  • File transfers
  • System administration
  • Password theft
  • Traffic relaying

The latest riot by redfoxtrot group

Some common TCP ports used by PIVY are 443,80, 8080, 8000,1863, make sure that any unknown services are running in your network. 
 

 

 

Prevention

Since we can't find how the malware works we are unaware of the malware removal process but, we here are some tools for preventing Poison Ivy backdoor. These tools will work fine until or unless the backdoor is tailored for a targeted attack. Below are some Linchpin tools used,

 

 

APT 7

The cyber operation of intellectual property theft is to steal data of the appropriate companies that are involved in this line of work. They target the U.S and U.K countries which are already infiltrated but by other APT's. 

The attack vectors by the threat actors attacks two or more organization of a parent company which comes under their target, but also attacks other organizations that share their threat.


Malware
DigDug

It is a library file helps in web driver service tunnels. It connects current server with other cloud driver tunnels.

Vulnerability

Apparently it doesn't have a direct vulnerabilities right from its launch, but while creating a new ammendment in its server, an URL with a proxy server provides every access that are given to a legal account.

This let the actors in dark and helps to exploit the server.

 


Tracks

It is a compatible web application built on rails with Ruby. Owned by GTD company.

Vulnerability

A vulnerability had happened to be found in the source code of its application. The config file was corrupted in the search engine which leads to the source code field.


Since, there's no direct vulnerabilities present in the exploited malware and the actors targetted only for the intellectual property data's the exploitation was minimally evasive. Yet, we cannot deny the fact that the actors didn't go further to exploit the found indirect bug and made it into much big a deal than it already is.

Comments

Post a Comment

Popular posts from this blog

Banning that paved the road to success for The Indian Apps

By -
Image
We all know about the Chinese apps ban done in India which created a tornado among the digital life not only destroyed the income of China apps but created new fields for the Indian Apps to blossom among us. Before I explain about various Indian apps that rose to our attention, we all need to know a little details about the security clearances an app posses. Every apps we install asks for permissions and we simple press accept all without giving a second thought why it asks and what's the requirements. Let me tell a real scenario to you which it took place on Aug '19. When my cousin and I were talking about ghosts incident, are they real or not! and during our conversation we were transferring a movie to one of our mobiles via ShareIt. Before our session, ShareIt showed some travel related contents as we were traveling, post this conversation, ShareIt app showed us the ghost related prank videos. We were shocked so I did a research about t...
Read more

The Millionaire: ProFun into A ProFession

By -
Image
The world stuck by thunder and everything stood still . During this pandemic situation people started to realize the worth of their life and the precious time they hold. This made everyone to value their loved ones and they utilize their time worthwhile. Among them, the gamer’s started to think productively and the perspectives have been changed about How to earn money!  Have you ever heard about the word   streamers?   Well, no sweat, you're gonna be Insinuated. Gaming started to bloom around the world in the late 2000 ’s . Children  used to play video games by  using the various electronic console-like brick game, video games using the game chip.  A s an up-gradation,   play station reached the  gaming market for  the graphics and the gameplay . The experience was immeasurable   when compared with previous gaming . When the play station was donning the gaming market, PC games came with a price tag, that is far more affordable ...
Read more

How UK invented biscuits and established globally

By -
Hello and welcome to my first post of our blog!!! Here we're gonna see some interesting facts(a product that we consume daily) in my first post.                         Origin of Biscuits   In my country, elders usually carry biscuits whenever they visit their relatives. Even diabetes patients consult themselves towards biscuit, which is enriched in high-fibre. It shows that biscuits have made a major impact on our daily life. Regardless of age, biscuits are favoured by everyone. Have you ever imagined how it was originated? Okay, before we get deeper into it, I wanna share some interesting facts that I found while doing my research. Prepare to be baked! The biscuit was invented before World War I The inventor of the biscuit served under Queen Victoria, though he owns his factory. Biscuits were found to be one of the favorite consumables for sailors. The UK nearly had about 30% of exports share in biscu...
Read more