Kaspersky Lab has published a report in which it reveals that a Chinese hacking group has attacked the national data center of an unnamed Central Asian country.
The cyberattacks are said to have been carried out by a group known as LuckyMouse, which also goes by the names Iron Tiger, Threat Group-3390, EmissaryPanda and APT27. The attacks started in 2017, and Kaspersky says that malicious scripts were injected into an official website to conduct a country-level waterholing campaign.
Kaspersky says that the group used the HyperBro Trojan remote administration tool to evade antivirus tools between December 2017 and January 2018. The Russian security firm detected the hacking campaign back in March this year. It has opted not to name the country that has been targeted by the hacking group, but says:
There is not enough information for Kaspersky to be able to determine exactly how LuckyMouse managed to attack government websites in order to get the campaign underway, but the company says: "The main C2 used in this campaign is bbs.sonypsps[.]com, which resolved to an IP address that belongs to the Ukrainian ISP network, held by a Mikrotik router using firmware version 6.34.4 (from March 2016) with SMBv1 on board. We suspect this router was hacked as part of the campaign in order to process the malware's HTTP requests. The Sonypsps[.]com domain was last updated using GoDaddy on 2017-05-05 until 2019-03-13."
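The one concrete indicator in the quote above is the defanged C2 domain bbs.sonypsps[.]com. As an added example (not code from Kaspersky or from the report), the script below refangs that indicator and sweeps a set of constructed proxy log lines for hosts that equal it or sit underneath it, ignoring case and a trailing dot. The log format (timestamp, client, method, host, path, status) and the sample lines are assumptions made for the example and are not real telemetry.

```python
import re
from typing import Dict, List

# Indicator as published in the Kaspersky quote; it is distributed defanged.
DEFANGED_C2 = "bbs.sonypsps[.]com"


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into its literal, lower-cased form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


def matches_domain(candidate: str, indicator: str) -> bool:
    """True if candidate equals the indicator or is a subdomain of it.

    Case and a trailing root dot are ignored; look-alike names such as
    'notsonypsps.com' must not match because they are not a label boundary.
    """
    c = candidate.lower().rstrip(".")
    return c == indicator or c.endswith("." + indicator)


# Constructed proxy log lines for the example (hypothetical format, not real data):
# <timestamp> <client ip> <method> <host> <path> <status>
SAMPLE_PROXY_LOG = """\
2018-03-02T10:14:07Z 10.20.1.15 GET www.example.org /index.html 200
2018-03-02T10:14:09Z 10.20.1.15 POST bbs.sonypsps.com /update.php 200
2018-03-02T10:15:41Z 10.20.1.22 GET cdn.example.net /lib.js 304
2018-03-02T10:16:03Z 10.20.1.15 GET BBS.SONYPSPS.COM. /beacon 200
2018-03-02T10:17:55Z 10.20.1.30 GET notsonypsps.com /x 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<host>\S+) (?P<path>\S+) (?P<status>\d{3})$"
)


def find_c2_hits(log_text: str, defanged_indicators: List[str]) -> List[Dict[str, str]]:
    """Return every parsed log record whose host matches one of the indicators."""
    indicators = [refang(i) for i in defanged_indicators]
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        rec = m.groupdict()
        for ind in indicators:
            if matches_domain(rec["host"], ind):
                hits.append({**rec, "indicator": ind})
                break
    return hits


def affected_clients(log_text: str, defanged_indicators: List[str]) -> List[str]:
    """Distinct client addresses that contacted an indicator, in first-seen order."""
    seen: List[str] = []
    for hit in find_c2_hits(log_text, defanged_indicators):
        if hit["src"] not in seen:
            seen.append(hit["src"])
    return seen


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_PROXY_LOG, [DEFANGED_C2]):
        print(hit["ts"], hit["src"], hit["method"], hit["host"], hit["path"])
    print("clients to review:", affected_clients(SAMPLE_PROXY_LOG, [DEFANGED_C2]))
```

The suffix check is anchored on a label boundary on purpose: a plain substring match would flag the look-alike host in the last sample line and bury real hits in noise. In practice the same matcher would be fed from a DNS or proxy export rather than the inline sample.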
In a blog post about the attacks, Kaspersky’s Denis Legezo says that they could be indicative of a new, sneakier breed of hackers: