Chinese APT group Calypso hacked state institutions in six countries
A Chinese-speaking APT group, Calypso, has actively been targeting state institutions in six countries, hacking systems and injecting a program to gain access to internal networks, according to a report from researchers at Positive Technologies Expert Security Center.

The researchers found the hackers either exploited the remote code execution vulnerability MS17-010 or used stolen credentials.

“These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration,” said Denis Kuvshinov, lead specialist in threat analysis at Positive Technologies. “The group used publicly available utilities and exploit tools, such as SysInternals, Mimikatz and EternalRomance. Using these widely available tools, the attackers infected computers on the organization's LAN and stole confidential data.”

Research indicates the campaign is the work of an Asian group. In one attack, the malfeasants, who are believed to have originated in Asia, used PlugX malware, a signature of APT groups from China, and some of the attackers inadvertently revealed their IP addresses from Chinese providers. Positive Technologies experts said the group used the Byeby trojan, which was also used in a 2017 SongXY malware campaign.

Institutions in India were hit the hardest, followed by Brazil and Kazakhstan, Russia and Thailand and Turkey.