APT3 – WindowsTechs.com

China’s APT3 Pilfers Cyberweapons from the NSA

Posted on September 6, 2019 by Tara Seals

Large portions of APT3’s remote code-execution package were likely reverse-engineered from prior attack artifacts. Continue reading China’s APT3 Pilfers Cyberweapons from the NSA→

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

Posted on September 5, 2019 by Shannon Vavra

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

The post How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory. appeared first on CyberScoop.

Continue reading How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.→

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Posted on May 7, 2019 by Tara Seals

Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017. Continue reading Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak→

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

Posted on May 7, 2019 by Swati Khandelwal

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked… Continue reading Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them→

Chinese hackers found and repurposed elite NSA-linked tools

Posted on May 7, 2019 by Greg Otto

A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec. The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked. According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers. The Trojan.Bemstour exploit allowed attackers […]

The post Chinese hackers found and repurposed elite NSA-linked tools appeared first on CyberScoop.

Continue reading Chinese hackers found and repurposed elite NSA-linked tools→

MITRE asks vendors to do more to detect stealthy hacks

Posted on May 1, 2019 by Sean Lyngaas

As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques. The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products. But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups. “A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework. “PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added. Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But […]

The post MITRE asks vendors to do more to detect stealthy hacks appeared first on CyberScoop.

Continue reading MITRE asks vendors to do more to detect stealthy hacks→

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

Posted on December 4, 2018 by Windows Defender ATP team

In MITREs evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advan… Continue reading Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP→

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

Posted on December 4, 2018 by Windows Defender ATP team

DOJ indictment spotlights China’s civilian intel agency – and its hacker recruits

Posted on November 1, 2018 by Sean Lyngaas

In unsealing charges Tuesday against 10 Chinese nationals, the Department of Justice showed its focus is on China’s civilian intelligence agency, which analysts say has become Beijing’s preferred arm for conducting economic espionage. The agency, the Ministry of State Security, is more professional and technical in its hacking operations than China’s People Liberation Army, according to CrowdStrike co-founder Dmitri Alperovitch. “We have seen [the MSS], over the years, break into [corporate] organizations,” Alperovitch said Tuesday at an event hosted by The New York Times. “They were always better technically than the PLA.” After a landmark 2015 agreement between the United States and China not to steal intellectual property, Chinese activity in that vein tapered off for about a year, according to Alperovitch. Now, he said, it is back in full force. “[W]e’re seeing, on a weekly basis, intrusions into U.S. and other Western companies from Chinese actors,” with the MSS […]

The post DOJ indictment spotlights China’s civilian intel agency – and its hacker recruits appeared first on Cyberscoop.

Continue reading DOJ indictment spotlights China’s civilian intel agency – and its hacker recruits→

Meet ‘Intrusion Truth,’ the Mysterious Group Doxing Chinese Intel Hackers

Posted on August 21, 2018 by Joseph Cox

Since April last year, a group calling itself ‘Intrusion Truth’ has trickled out the real names of hackers working for Chinese intelligence. Recently the group has ramped up its efforts against a Chinese operation targeting governments and businesses. Continue reading Meet ‘Intrusion Truth,’ the Mysterious Group Doxing Chinese Intel Hackers→