APT-Q-12: East Asian Organizations Drowning in Sophisticated Cyberattacks

Cyberspies attack email clients, bypassing even the most powerful security systems.

Cybersecurity experts from the QiAnXin Cyber Intelligence Center have reported the detection of a new threat from the APT-Q-12 group, also known as "Pseudo Hunter". This cyberespionage group, which has roots in Northeast Asia, targets states and companies in East Asia, including China, North and South Korea, and Japan.

The group's activities first became known in 2021, when QiAnXin experts published a technical report. However, the roots of its attacks can be traced back to 2017, when an overlap with the actions of another well-known group, Darkhotel, was revealed.

After 2019, activity associated with the Darkhotel group began to decline, leading to the emergence of new cyberespionage groups such as APT-Q-11, APT-Q-12, APT-Q-14, and others. These groups, using various tactics and methods, focused on attacks on government and corporate targets, and as experts found out, many of them are extensions or offshoots of Darkhotel's activities.

The main espionage method of these APT groups, including APT-Q-12, is the use of sophisticated plugins that allow the attackers to quickly and efficiently extract the desired data from the targeted systems. For example, one of the operations, dubbed 'ShadowTiger', used plugins to scan the file structure and upload documents to the attackers' servers.

APT-Q-12 pays special attention to collecting information about the behavior of victims, using sophisticated phishing techniques and injecting spyware code into popular email and office applications. The group develops and deploys various types of malware tailored to specific platforms, whether desktops, mobile devices, or corporate servers.

One of the most significant findings was the group's use of zero-day vulnerabilities in Windows email clients. APT-Q-12 uses sophisticated attack techniques that involve executing malicious code through vulnerabilities in browsers and email applications, allowing it to infiltrate systems and establish control.

During the analysis, several types of malware were identified, among which a Trojan stands out that is installed on the system through a chain of actions using scripts and special commands. This Trojan is designed to capture and transmit sensitive information, making it a powerful tool in the hands of attackers.

APT-Q-12 also uses plugins to capture keyboard input and collect information about users' activities, which makes it possible to track their daily activity and identify valuable data such as passwords and other credentials. This data is then encrypted and transmitted to the attackers' servers for further analysis and use.

To protect against such threats, experts recommend using modern EDR systems that can effectively detect and prevent attacks at the early stages. Modern information security solutions based on cyber intelligence data are becoming increasingly necessary in the face of growing threats in the East Asian region.

APT-Q-12 continues to develop its attack methods, which poses a serious threat to the security of countries and companies in the region. Specialists continue to monitor their activities and improve protection measures to minimize damage from potential attacks.
