BlackBerry has exposed the espionage activity of APT groups that work in the interests of the Chinese government. These groups have been systematically attacking servers, Windows systems and mobile devices for almost a decade and have so far remained undetected.
Civil Contractors Who Work In The Interests Of The Chinese Government
The report, entitled “Decade of the RATs”, shows that five particular groups of civilian contractor hackers in China have been coordinating their efforts and sharing information in a wide-ranging cyber espionage campaign directed at industries and government agencies all over the world.
The APT groups examined consist of civilian contractors who work in the interests of the Chinese government and are willing to share tools, techniques, infrastructure and targeting information with each other and with government officials. The APT groups have so far pursued different goals and focused on a broad spectrum of targets. However, the report found significant collaboration between these groups, particularly where server platforms are concerned.
One of the Android malware samples is very similar to the code of a commercially available penetration test tool, but the malware was created almost two years before the first purchase of the commercial tool. There are also several new variants of known malware that slip past virus protection by using code-signing certificates to pass as adware. This tactic is intended to increase the attack rate, in the hope that any AV flags will be dismissed as just another of the constant adware warnings.
It Doesn’t Stop At The Home Office Either
The majority of employees have left the office to curb the spread of the coronavirus, but the data remains in the company’s data centers, most of which run on Linux. And that’s not a small problem. Linux runs almost all leading websites of all web servers. Defensive coverage within these environments is immature at best, and robust endpoint protection products are often underused, or the skills to defend these systems are lacking. Companies also frequently use these servers as a network for other operations, so that they are constantly switched on and poorly defended.