    Chinese Groups Attack Japanese Firms, Resurrect Old Malware

    Written by

    Robert Lemos
    Published October 17, 2017

      While North Korean and Russian cyber operations have dominated the news, hackers linked to China continue to target a variety of organizations worldwide, according to two separate reports published by security firms in the last week.

      One Chinese group has revived a decade-old remote access Trojan (RAT), known as “Hacker’s Door,” and begun using it in espionage operations, security firm Cylance stated in an analysis published on Oct. 17. Hacker’s Door was originally released in 2004, but has been updated and improved and is being sold online by the original author, the company stated.

      A second espionage group linked to China, known as Bronze Butler, continues the nation’s strategy of economic espionage against other countries, by stealing intellectual property and confidential data from Japanese companies, security services firm SecureWorks stated in an investigation published on Oct. 13.

      “Chinese groups are still very active and fairly capable,” Matthew Webster, a senior researcher with SecureWorks’ counter threat unit, told eWEEK. “If we are comparing to five years ago, I think it is fair to say there is a slight reduction in activity, but there was a large volume of attacks back then.”

      While the media has focused on the rise of North Korea’s cyber operations against the United States and Russia’s extensive information operations targeting the 2016 U.S. presidential election, activity from China has garnered less attention. The People’s Republic of China, however, has continued its extensive online activities, although it is uncertain whether any of the operations violate an agreement to not conduct economic espionage against U.S. companies.

      The most recent reports shed light on the fact that Chinese hackers do not mind outsourcing development of their tools to outside developers. The discovery of the Hacker’s Door RAT, for example, “shows that threat actors are comfortable relying on third-party tools to reduce development time (and) costs for malware,” Cylance stated in its analysis.

      Cylance would only confirm that the tool was found inside a Western aerospace company, so it remains uncertain whether China may have violated its pledge to not attack U.S. companies with economic espionage.

      “It is highly likely that this tool will continue to be uncovered as part of targeted attacks for some time, as the ease of use and advanced functionality makes ‘Hacker’s Door’ the perfect RAT for any adversary’s arsenal,” Cylance stated in the analysis. “If found within an environment it is highly advised that you arrange for a compromise assessment to determine if there are further signs of attacker activity.”

      While China may be curtailing economic espionage operations against U.S. companies, the PRC is still targeting other nations’ economies. The Bronze Butler group, for example, targeted intellectual property, product specifications, and sensitive business and sales files, SecureWorks stated. The group also targets a variety of data useful to extending a network compromise, such as configuration files and email messages.

      The telltale signs linking the activities to China include the use of a scanning tool created by a Chinese developer and Chinese characters in specific files, as well as a decrease in activity during the Chinese national holidays. Researchers are quick to point out that any online or digital evidence can be faked by a technical adversary.

      Despite leaving behind traces of its affiliations, the group seems quite sophisticated. Japanese companies were compromised using a zero-day exploit in a desktop management system, and the infrastructure used to conduct the attacks was advanced, SecureWorks stated.

      “The threat actors seemingly have the capability to develop and deploy their own proprietary malware tools,” the company stated in its analysis. “The group’s command and control (C2) protocols are encrypted, presenting challenges for network defenders and incident responders.”

      Robert Lemos
      Robert Lemos is an award-winning journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.
