APT41: Indictments Put Chinese Espionage Group in the Spotlight

The U.S. government has charged seven men in relation to hundreds of cyber attacks against organizations in the U.S. and multiple other countries in Asia and Europe. Two of the men, who were based in Malaysia, were arrested and their extradition to the U.S. has been requested. The other five are based in China and remain at large.


The attacks were attributed to a China-linked organization dubbed APT41 and involved a combination of intellectual property theft and financially motivated cyber crime. While some of our peers monitor APT41 as a single operation, Symantec regards it as two distinct actors: Grayfly and Blackfly.


Grayfly


Grayfly has been particularly active in recent years, mounting high-volume espionage attacks against organizations spread across Asia, Europe, and North America. It is interested in a wide range of sectors, including food, financial, healthcare, hospitality, manufacturing, telecoms, and government. It is known for using the Barlaiy/POISONPLUG and Crosswalk/ProxIP (Backdoor.Motnug) malware families in its attacks. Victims are frequently compromised by exploiting public-facing web servers.


In recent attacks, Symantec has seen Grayfly deploy Backdoor.Motnug against targeted organizations in conjunction with the publicly available Cobalt Strike malware. Backdoor.Motnug provides the attackers with comprehensive remote access to the network and creates proxy connections that allow access to hard-to-reach segments of a target network. In one attack against a telecoms provider, Grayfly was seen using an internal tool capable of interacting with an SMS database, demonstrating that intelligence gathering was the motive of the attack.


Prosecutors in the U.S. have charged three Chinese men – Jiang Lizhi, Qian Chuan, and Fu Qi ..