Китайские угрозы субъекты КиБой, отслеживаемые как Тропик Троупер и Филиппинах, нацелились на военные сети с воздушной подпиткой на и Филиппинах.
According to Trend Micro researchers, the Chinese group APT Tropic Trooper, also known under the name of KeyBoy, has covered the military air transport networks in Taiwan and the Philippines.
The Tropic Trooper APT, which has been in service since at least 2011, has been highlighted for the first time by Trend Micro’s security experts in 2015 when it covered the government and industry ministries lying around Taiwan as well as the Philippines armed forces.
The threat is directed against government agencies, armaments, health care, transport and high-technology industries in Taiwan, the Philippines and Hong Kong.
Since December 2014, the attaquants will use a programme malveillant appelant USBferry pour attaquer les autorités militaires/ fiscales, les agences gouvernementales, les hôpitaux militaires et une banque nationale.
Recently, we have discovered a group of tropical paratroopers using a USB ferry to protect the physically and physically isolated military environments in the Philippines (the name of a échantillon found in a connected study). Lisez une analysis publiée par Trend Micro. USBferry disposes of options that execute different commands in function of their specific objective; it can also combine functions, improve its discrimination in an infected environment and provide critical information on a specific USB device.
USBferry USB malware can execute various commands on a specific infected system and allow you to filter sensible data on USB drives.
Selon Trend Micro Telemetry, attachments on USB ferries have been in place since December 2014, targeting military or government users in Asie.
The malware was mentioned for the first time in the PwC report, where it was classified as Tropic Trooper APT, but was not the subject of a detailed analysis.
The attackers are first and foremost attacking organisations that are linked to armed forces or the government and that use less security measures than the real ones, since they try to use them as substitutes for the real ones. In one case, pirates have compromised a military hotel and used it to pay for a physiquely isolated military network.
Trend Micro’s researchers have identified at least three versions of logics with different variants and composites.
Trooper Trooper uses an old method to catch an infection: by transporting the installer to an air-conditioned food processor via USB. For the purposes of the Ils report, they use a USB-based infection strategy to transfer the logics to the victim’s food processor and facilitate intrusion into a secure network environment.
The group has used the tracert and ping commands to display the architecture of the
destination network (c’is-à-dire tracert -h 8 22.214.171.124.8 capture the route (chemin) and measure the transit delay of packages on the Internet Protocol (IP) network, whereas the ping commands allow verification of the connection of the destination network).
Attackers have attempted to determine whether the infective ordinance had access to the internal messaging network and the cible messaging pouch.
If there is no network connection, logically collect information from the machine and copy the data onto a USB key.
The experts have also noted that pirates have used several different ports during a recent attack, in particular WelCome To Svchost, Welcome To IDShell and Hey! Bienvenue sur le serveur.
The arsenal of the APT group includes balayage equipment, remote control equipment and noir chariots for stéganographique operations.
This attack can be divided into four important points. First of all, placing critical data on physically isolated networks is not a complete solution to prevent cyber-espionage. Secondly, their preferred method of steganography is used not only to free up an utile charge but also to transmit information to the C&C server. Troisièmement, différents outils et composants de piratage peuvent être utilisés pour mener des attaques sur différents réseaux et environnements cibles. These tools and composites also have an auto-extinguishable command which makes it difficult to trace the chain of attack and all the factors involved. Finally, the use of an invisible web shell masks the deployment of C&C service providers and makes it difficult to detect refrigerated traffic in order to protect the network.
(Affaires de sécurité – Tropic Trooper, Hacking)