Data exfiltration tools by APT31 group detailed
An analysis by Kaspersky researchers exposed a collection of advanced malware employed by the Chinese state-sponsored threat group APT31 to exfiltrate the sensitive data of numerous Eastern European organizations last year, The Hacker News reports.
The group, which also goes by the names Violet Typhoon, Bronze Vinewood, and Judgement Panda, used a total of 15 implants in its attacks, maintaining a permanent data exfiltration channel to its targets and harvesting data even from air-gapped systems, according to the researchers.
The group's malware stack is composed of three stages: establishing persistence, harvesting sensitive data, and sending the data to a remote server it controls.
Researchers noted that APT31 additionally deployed a command-and-control (C2) server inside the corporate perimeter, which it used as a proxy to relay data from systems without Internet access.
Other tools the researchers discovered were used to manually upload data to temporary file-sharing services such as Yandex Disk, imgshare, and zippyimage.
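Two of the behaviours described above, an internal host relaying traffic on behalf of machines that have no Internet access, and bulk uploads to temporary file-sharing services, both leave footprints in proxy and flow logs. The Python below is an added example written for this page; it is not code from the Kaspersky analysis or from SC Media. The log records, internal IP ranges, byte thresholds, watch-list substrings, and the `.example` placeholder domains are all constructed here for illustration and are not indicators from the report.

```python
"""Detection sketch over constructed proxy/flow records.

Two checks a defender can run over outbound telemetry:
  1. large POST/PUT uploads to file-sharing hosts on a watch list
  2. an internal host that many other internal hosts send data to AND
     that itself sends data out to the Internet (a relay / in-perimeter C2)
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: these are the organisation's internal ranges (constructed).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Assumption: hostname substrings worth flagging; the real services named in
# the report are Yandex Disk, imgshare and zippyimage, so match on those names.
FILE_SHARE_WATCHLIST = ("yandex", "imgshare", "zippyimage")

# Constructed sample records, NOT real telemetry:
# (src_ip, dst_ip, dst_host, method, bytes_out). Hostnames use placeholder
# ".example" domains; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_RECORDS = [
    ("10.0.5.21", "10.0.9.40", "", "TCP", 18_000_000),  # isolated segment -> relay
    ("10.0.5.22", "10.0.9.40", "", "TCP", 22_000_000),
    ("10.0.5.23", "10.0.9.40", "", "TCP", 9_500_000),
    ("10.0.9.40", "203.0.113.10", "", "TCP", 45_000_000),  # relay -> Internet
    ("10.0.7.5", "198.51.100.7", "disk.yandex.example", "POST", 30_000_000),
    ("10.0.7.8", "198.51.100.9", "www.example.com", "GET", 1_200),
    ("10.0.7.9", "198.51.100.12", "imgshare.example", "PUT", 4_000_000),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_file_share_uploads(records, watchlist=FILE_SHARE_WATCHLIST,
                            min_bytes=1_000_000):
    """Return (src_ip, host, bytes) for large uploads to watch-listed hosts."""
    hits = []
    for src, _dst, host, method, nbytes in records:
        if method not in ("POST", "PUT") or nbytes < min_bytes:
            continue
        lowered = host.lower()
        if any(token in lowered for token in watchlist):
            hits.append((src, host, nbytes))
    return hits


def find_internal_relays(records, min_sources=2):
    """Find internal hosts that collect data from several internal peers
    and also send data to external addresses.

    Returns {relay_ip: {"sources": n_internal_senders, "bytes_to_external": b}}.
    """
    inbound_sources = defaultdict(set)   # dst -> set of internal src
    external_bytes = defaultdict(int)    # src -> bytes sent to non-internal dst
    for src, dst, _host, _method, nbytes in records:
        if not is_internal(src):
            continue  # only model traffic originating inside the perimeter
        if is_internal(dst):
            inbound_sources[dst].add(src)
        else:
            external_bytes[src] += nbytes

    relays = {}
    for host, senders in inbound_sources.items():
        if len(senders) >= min_sources and external_bytes.get(host, 0) > 0:
            relays[host] = {"sources": len(senders),
                            "bytes_to_external": external_bytes[host]}
    return relays


if __name__ == "__main__":
    for src, host, nbytes in find_file_share_uploads(SAMPLE_RECORDS):
        print(f"upload: {src} -> {host} ({nbytes} bytes)")
    for relay, info in find_internal_relays(SAMPLE_RECORDS).items():
        print(f"possible relay: {relay} fed by {info['sources']} internal hosts, "
              f"{info['bytes_to_external']} bytes to external")
```

Both thresholds (`min_bytes`, `min_sources`) are deliberately low so the constructed sample triggers; in production they would be tuned against a baseline, and the relay check is most useful when applied only to segments that are supposed to have no Internet path at all.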