Connect with us

Hi, what are you looking for?

World

New attacks from APT31 are targeting Russia, U.S, and Canada

A dangerous new cyber tool uses techniques to avoid detection and self-deletes after it accomplishes its goals.

China passes tough new online privacy law
China's new privacy law will see state-run and private companies handling personal information be required to minimise data collection and obtain prior consent - Copyright AFP/File GREG BAKER
China's new privacy law will see state-run and private companies handling personal information be required to minimise data collection and obtain prior consent - Copyright AFP/File GREG BAKER

The Positive Technologies Expert Security Center has revealed details of new cyberattacks launched by APT31, the criminal group known for targeting global government agencies. He origin of the threat appears to be stemming from China.

As a result of this attack, more than a dozen malicious emails have bene dispatched around the world. This email onslaught occurred between January and July 2021. In terms of global reach, traces of the group were found in the U.S., Canada, Mongolia, the Republic of Belarus, and – for the first time – Russia.

These attacks leveraged previously unseen malicious content: The group’s new tool is a Remote Access Trojan that allows criminals to control a victim’s computer or network, and steal any file from an infected machine.

A Remote Access Trojan is a tool used by malware developers to gain full access and remote control on a user’s system, including mouse and keyboard control, file access, and network resource access.


Read more: North Korean hackers APT38 have conducted $600 million crypto heist

A detailed analysis of the malware samples, as well as numerous overlaps in functionality, techniques, and mechanisms used enabled researchers to attribute the detected samples to APT31.

In particular, the researchers detected a link to a phishing domain inst.rsnet-devel[.]com, which imitates the domain of federal government bodies and government bodies of the subjects of the Russian Federation for the Internet segment – a malicious domain likely designed to mislead government officials and companies that work with government agencies.

In terms of what is known about the group’s new tool:

  • It uses techniques to avoid detection and self-deletes after it accomplishes its goals, as well as deletes all the files it created, and registry keys
  • In some cases, such as in attacks in Mongolia, the dropper was signed with a valid digital signature that was most likely stolen, indicating the attacker’s high level of knowledge
  • The malware can be used as a part of a global campaign that includes cyber espionage
  • In order to make the malicious library look like the original version, criminals named it MSVCR100.dll—the library with the exact same name is part of Visual C++ for Microsoft Visual Studio and is present on almost all computers. In addition, it contains as exports the names that can be found in the legitimate MSVCR100.dll

It is of further concern that the Positive Technologies researchers believe the potential malware is only version is 1.0, based on the value embedded in the code and contained in the network packages.

The trends indicate that the hacker group is expanding the geography of its interests. The researchers believe further attacks stemming from this group will be revealed soon, including against Russia. Based on the changes that have taken place over the last year, researchers believe the group is not afraid to make significant changes to their tools – so future malicious programs may be completely different from those already researched.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

This transmission electron microscope image shows SARS-CoV-2—also known as 2019-nCoV, the virus that causes COVID-19—isolated from a patient in the U.S. Virus particles are...

Life

If all this very basic information makes the point that these drugs are truly bad, that was the good news. The news for users...

World

WikiLeaks founder Julian Assange will learn Monday whether he can appeal to Britain’s Supreme Court against a High Court ruling.

World

French designer Thierry Mugler, who reigned over fashion in the 1980s, died on Sunday at the age of 73 of "natural causes".