China-Linked Hackers Systematically Targeted Linux Servers for Years

Hackers Operating in the Interest of the Chinese Government Systematically Targeted Linux Servers, Windows Systems and Mobile Devices 


Activity associated with five cyber-espionage groups acting in the interest of the Chinese government remained undetected for almost a decade, security researchers at BlackBerry say. 


Successfully conducting cross-platform attacks targeting Linux, Windows and Android devices, the adversaries have been engaged in both financially motivated and targeted espionage attacks. The hackers are likely civilian contractors working in the interest of the Chinese government, BlackBerry believes.


The attackers “readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts. This reflects a highly agile government/contractor ecosystem,” the security researchers explain in a new report (PDF).


For years, these groups have been strategically targeting Linux servers (Red Hat Enterprise, CentOS, and Ubuntu Linux) across a broad range of industry verticals, exploiting the immature defensive coverage within the environment and the inadequate use of endpoint protection (EPP) and endpoint detection and response (EDR) products, BlackBerry notes.


Referred to as WINNTI GROUP, PASSCV, BRONZE UNION (EMISSARY PANDA), CASPER (LEAD), and the newly identified adversary WLNXSPLINTER, the five Advanced Persistent Threat (APT) groups are believed to be related, given similarities in tools, tactics and procedures (TTPs), which BlackBerry refers to as “the WINNTI approach.”


Although they have traditionally pursued different objectives and focused on numerous targets, the groups appear coordinated, particularly in their targeting of Linux platforms. Furthermore, the security researchers discovered a close resemblance between the WINNTI GROUP malwar ..
