Cuckoo Spear: Cyber attacks from states are becoming more sophisticated

Critical infrastructure under the gun: who's next?

Modern state-sponsored cyber threats, well funded and strategically targeted, pose complex challenges that require advanced security measures, threat analysis, and international cooperation. Government agencies and state-sponsored groups conduct cyberattacks for a variety of reasons, including espionage, sabotage, and political influence.

The latest threat to be detected is "Cuckoo Spear", identified through an analysis by Cybereason. The report shows that the actors behind this threat can remain undetected in their victims' networks for several years; Cybereason found that the attackers had been present in victim networks for two to three years.

The report also reveals new information about the methods and arsenal of the APT10 group, a Chinese state-run cyber espionage group that has been active since 2006. APT10's main goal is to support China's national interests through intelligence gathering. The group often targets critical infrastructure such as the communications, manufacturing, and public sectors.

Cybereason attributes the Cuckoo Spear threat to APT10 based on an analysis of several incidents related to the Earth Kasha and MirrorFace threat clusters. During the campaign, the attackers used a new malware family called NOOPDOOR, designed to infiltrate networks and exfiltrate data from them.

In the new report, Cybereason shows how NOOPDOOR, a modular program, uses a domain generation algorithm (DGA) for its command-and-control (C2) communication. NOOPDOOR is loaded by the NOOPLDR component, which decrypts and executes it. Cybereason observed LODEINFO and NOOPLDR/NOOPDOOR being used in the same campaign, which links the two: LODEINFO serves as the initial entry point, while NOOPDOOR provides long-term persistence in the network.

To help detect the presence of "Cuckoo Spear" in a network, Cybereason has provided hunting queries and indicators of compromise (IOCs). Because detecting and remediating this threat is complex, the report recommends involving a dedicated incident response team.

To counter such threats, organizations are encouraged to implement comprehensive security measures, monitor for suspicious activity, and collaborate with cybersecurity experts. The recommended response steps are, for example, to disable Internet access, block all domains and IP addresses associated with NOOPDOOR, reset user passwords, and reboot infected machines.

Drawing on open-source information, Cybereason provides practical recommendations for protecting against these threats.
