New attacks from APT31 are targeting Russia, U.S, and Canada

A dangerous new cyber tool uses techniques to avoid detection and self-deletes after it accomplishes its goals.


The Positive Technologies Expert Security Center has revealed details of new cyberattacks launched by APT31, the criminal group known for targeting global government agencies. The origin of the threat appears to be China.

As part of this campaign, more than a dozen malicious emails were dispatched around the world between January and July 2021. In terms of global reach, traces of the group were found in the U.S., Canada, Mongolia, the Republic of Belarus, and – for the first time – Russia.

These attacks leveraged previously unseen malicious content: The group’s new tool is a Remote Access Trojan that allows criminals to control a victim’s computer or network, and steal any file from an infected machine.

A Remote Access Trojan is a tool used by malware developers to gain full access and remote control on a user’s system, including mouse and keyboard control, file access, and network resource access.


A detailed analysis of the malware samples, as well as numerous overlaps in functionality, techniques, and mechanisms used enabled researchers to attribute the detected samples to APT31.

In particular, the researchers detected a link to a phishing domain inst.rsnet-devel[.]com, which imitates the domain used by federal government bodies and the government bodies of the subjects of the Russian Federation for their Internet segment – a malicious domain likely designed to mislead government officials and companies that work with government agencies.

In terms of what is known about the group’s new tool:

  • It uses techniques to avoid detection and self-deletes after it accomplishes its goals, also deleting all the files and registry keys it created
  • In some cases, such as in attacks in Mongolia, the dropper was signed with a valid digital signature that was most likely stolen, indicating the attacker’s high level of knowledge
  • The malware can be used as part of a global campaign that includes cyber espionage
  • In order to make the malicious library look like the original version, the criminals named it MSVCR100.dll – a library with exactly the same name is part of Visual C++ for Microsoft Visual Studio and is present on almost all computers. In addition, its exports carry the same names that can be found in the legitimate MSVCR100.dll
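Because the malicious library copies both the file name and the export names of the genuine MSVCR100.dll, neither attribute on its own distinguishes it. The following Python script is an added defender-side example, not code from the article or from Positive Technologies: it runs simple heuristics over a constructed inventory of loaded-module records (path, signer, exported symbols) and flags copies of MSVCR100.dll that load from outside the directories where the runtime normally lives or that are not signed by Microsoft. The expected directories, the signer string and the sample records are assumptions made for illustration.

```python
"""Flag suspicious copies of MSVCR100.dll in a loaded-module inventory.

Added example (not from the article or Positive Technologies). The article
notes that the APT31 library uses the genuine file name and export names, so
the checks below lean on load path and code signer instead. All constants and
sample records are constructed assumptions for illustration.
"""
from dataclasses import dataclass

# Assumed locations where the real Visual C++ 2010 runtime is normally loaded from.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)
EXPECTED_SIGNER = "microsoft corporation"
# A handful of exports the genuine runtime carries (assumed reference set).
REFERENCE_EXPORTS = frozenset({"malloc", "free", "memcpy", "printf", "_initterm"})


@dataclass(frozen=True)
class ModuleRecord:
    process: str
    path: str
    signer: str          # empty string when the file is unsigned
    exports: frozenset   # names found in the module's export table


def suspicious_reasons(rec: ModuleRecord) -> list:
    """Return the reasons a record looks like a masquerading MSVCR100.dll.

    An empty list means the record is either not MSVCR100.dll or passes every
    heuristic. Exports matching the reference set do NOT clear a module, since
    the article's sample copies the legitimate export names.
    """
    path = rec.path.lower()
    if not path.endswith("\\msvcr100.dll"):
        return []
    reasons = []
    if not path.startswith(EXPECTED_DIRS):
        reasons.append("loaded from outside the expected system directories")
    if rec.signer.lower() != EXPECTED_SIGNER:
        reasons.append("unexpected or missing code signer")
    if not REFERENCE_EXPORTS <= rec.exports:
        reasons.append("export table lacks expected runtime symbols")
    return reasons


def scan(records) -> dict:
    """Map each flagged module path to its list of reasons."""
    findings = {}
    for rec in records:
        reasons = suspicious_reasons(rec)
        if reasons:
            findings[rec.path] = reasons
    return findings


# Constructed sample inventory: one genuine runtime, one masquerading copy with
# a valid-looking but non-Microsoft signature (the Mongolia case in the
# article), and one unsigned copy dropped next to a document-viewer process.
SAMPLE_RECORDS = [
    ModuleRecord("explorer.exe", "C:\\Windows\\System32\\MSVCR100.dll",
                 "Microsoft Corporation", REFERENCE_EXPORTS),
    ModuleRecord("svchost.exe", "C:\\Users\\Public\\Libraries\\MSVCR100.dll",
                 "Example Signer Ltd", REFERENCE_EXPORTS),
    ModuleRecord("winword.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\MSVCR100.dll",
                 "", REFERENCE_EXPORTS),
    ModuleRecord("notepad.exe", "C:\\Windows\\System32\\ntdll.dll",
                 "Microsoft Corporation", frozenset({"NtClose"})),
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_RECORDS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

In the constructed sample the genuine runtime and ntdll.dll are not reported, while both stray copies of MSVCR100.dll are flagged for their load path and their signer, even though their export tables look right. In practice the inventory would come from an EDR or Sysmon image-load telemetry, and a signer check should verify the certificate chain rather than compare a publisher string.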

It is of further concern that the Positive Technologies researchers believe the malware is only at version 1.0, based on the value embedded in the code and contained in the network packets.

The trends indicate that the hacker group is expanding the geography of its interests. The researchers believe further attacks from this group will be revealed soon, including against Russia. Based on the changes that have taken place over the last year, the researchers believe the group is not afraid to make significant changes to its tools – so future malicious programs may be completely different from those already researched.

Written by:
Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
