As the coronavirus epidemic reached crisis level in Wuhan, China, in January, a known group of state-backed cyber hackers launched attacks at healthcare companies and other key industries outside the country, according to cybersecurity company FireEye.
FireEye announced their findings on the attacks Wednesday morning, calling it “one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years.
The Chinese hackers, a group known as APT41, are affiliated with the government but also conduct financial crimes for personal gain. FireEye reports that they targeted a specific known vulnerability in the national vulnerabilities database (CVE-2019-19781 affecting Citrix Application Delivery Controllers) on Jan. 20. The vulnerability could allow attackers to exploit virtual desktop, cloud computing, and networking applications to steal data. The group also hit military installations and oil and gas targets, FireEye said, without naming where or in which countries to protect the identity of their clients.
FireEye says there was a dropoff in the group’s cyberattacks five days later, around the Chinese New Year, which occurred on Jan. 25, which is common among China-based threat groups. China began to implement very strict quarantine measures in Hubei province on Jan. 23 suggesting that the activity was going on as the pandemic picked up momentum. There was another drop off between Feb. 2 and 19.
“While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways which we were unable to observe with FireEye telemetry,” they write in a blogspot posted Wednesday. Defense One is unable to independently verify their claims.
Activity picked up again shortly after Feb. 19, they report. The current wave of attacks “seems to reveal a high operational tempo and wide collection requirements for APT41.”
The unprecedented level of remote working and living during the coronavirus pandemic has also seen an increase in cyberattacks, most notably phishing attacks targeting individuals with phony links and emails, according to...
Read More HERE
No comments:
Post a Comment