Date: 2019-11-06

London-based security agency Positive Technologies (PT) has identified a notorious Chinese Calypso APT (Advanced Persistent Threat) group that waged cyberattacks on at least six global government institutions in the recent past.

As per Positive Technologies, the Calypso APT team targeted government agencies in India (34%), Brazil and Kazakhstan (18% each), Russia and Thailand (12% each) and Turkey (6%).

To avoid early detection, the attackers moved laterally through the network either by exploiting the Remote Code Execution vulnerability covered by MS17-010 or by using stolen credentials. It can be noted that Microsoft patched MS17-010 in March 2017, but some organisations neglected to apply the update.

The apathy of system admins gave hackers an opportunity to sneak into the networks and steal sensitive data. In some instances, they damaged the secured network infrastructure, leading to denial of service.

As per the PT report, the Calypso APT group used the PlugX malware and the Byeby trojan (aka SongXY malware) to infiltrate the computer networks of the government agencies.

"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration. The group used publicly available utilities and exploit tools, such as SysInternals, Mimikatz, EternalBlue, and EternalRomance. Using these widely available tools, the attackers infected computers on the organization's LAN and stole confidential data," Denis Kuvshinov, Lead Specialist in Threat Analysis at Positive Technologies, said in a statement.

It can be noted that Calypso APT is not responsible for the malware found at the Kudankulam nuclear plant, which is reported to be the handiwork of North Korean cyber criminals.

Here are some of the good cybersecurity practices that system administrators should follow:

System administrators at corporate and government-run agencies are advised to use specialized systems for deep traffic analysis. This will help to detect suspicious activity at the early stages of the attackers' incursion into the LAN.

Administrators should also be highly vigilant about security breaches, small or big, particularly in the perimeter and web application protection systems. This will also help with early detection and thus prevent the criminals from gaining a foothold in the company infrastructure, the company noted.
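A minimal form of the traffic-analysis check the recommendation above describes, added here as an example and not taken from the PT report: it flags a host that opens SMB (tcp/445) sessions to many distinct internal peers inside a short window, which is what both MS17-010 exploitation and credential-based lateral movement look like on the wire. The flow records, the five-minute window and the peer threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not from the report):
# timestamp, source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
2019-11-06T09:00:01 10.0.5.12 10.0.5.20 445
2019-11-06T09:00:03 10.0.5.12 10.0.5.21 445
2019-11-06T09:00:04 10.0.5.12 10.0.5.22 445
2019-11-06T09:00:06 10.0.5.12 10.0.5.23 445
2019-11-06T09:00:07 10.0.5.12 10.0.5.24 445
2019-11-06T09:00:09 10.0.5.12 10.0.5.25 445
2019-11-06T09:01:00 10.0.5.40 10.0.5.2 445
2019-11-06T09:15:00 10.0.5.40 10.0.5.3 445
2019-11-06T09:20:00 10.0.5.41 10.0.5.2 443
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
FANOUT_THRESHOLD = 5            # assumed distinct-peer count that triggers an alert

def parse_flows(text):
    """Parse whitespace-separated flow lines into (datetime, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows

def smb_fanout_alerts(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak_peer_count} for sources that reached >= threshold
    distinct hosts on tcp/445 within any window-sized span of time."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until events[start:end+1] fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts

if __name__ == "__main__":
    for src, n in smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT possible SMB lateral movement: {src} reached {n} hosts within {WINDOW}")
```

On the sample data only 10.0.5.12 is reported (six peers in eight seconds); the second host touches just two SMB peers fourteen minutes apart and stays below the threshold.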