
Security researchers recently uncovered a pervasive cyberespionage campaign by a group known as “APT10” (a.k.a. MenuPass, POTASSIUM, Stone Panda, Red Apollo, and CVNX). The attacks were leveled against managed IT service providers, which the group used as intermediaries to get their hands on their targets’ corporate assets and trade secrets. Here’s what you need to know about this latest threat and how organizations can mitigate it:

Who are affected?

The campaign has impacted organizations in North America, Europe, South America, and Asia, and most recently managed service providers (MSPs) in: United Kingdom (U.K.), United States (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea, and Australia. The MSPs, which managed the victims’ application, network, and system infrastructure, were compromised in order to infiltrate the networks of their actual targets: the MSPs’ clients. The industries affected include those in engineering, industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.

Reports indicate that the campaign employed several malware families, including several iterations of remote access Trojans (RATs) such as the old but notorious PlugX, Poison Ivy, ChChes, and Graftor (detected by Trend Micro as BKDR_PLUGX, BKDR_POISON, BKDR_CHCHES, and TROJ_GRAFTOR respectively). Operation Cloud Hopper is also known to employ dropper Trojans such as ARTIEF (TROJ_ARTIEF) along with malicious files (TROJ_FAKEMS) that imitate the signatures or properties of a legitimate Microsoft file, as well as Microsoft Office documents that contain malicious code exploiting system vulnerabilities. Trend Micro’s initial analysis and detections reveal that over 70 variants of backdoor families and Trojans were involved in this campaign.

These malware were delivered through spear-phishing emails that targeted APT10’s MSPs of interest, posing as a legitimate organization such as a public sector agency. To maintain their foothold on the infected system, the group employed tools that stole legitimate credentials (with administrator privileges) used to access the MSP’s and its clients’ shared systems and infrastructure. This is also what the group uses to move laterally and gain further access to the MSP’s clients’ networks. The attack schedules tasks or leverages services/utilities in Windows to persist on the systems even if the system is rebooted.

APT10 didn’t just infect high-value systems. It also installed malware on non-mission-critical machines, which it would then use to move laterally into the targeted computers, a subterfuge to avoid rousing the suspicion of the organization’s IT/system administrators. APT10 is noted to use open-source malware and hacking tools, which they’ve customized for their operations, and to furtively access the systems via Remote Desktop Protocol or use RATs to single out which data to steal. These pilfered data are then collated, compressed, and exfiltrated from the MSP’s network to infrastructure controlled by the attackers.

Operation Cloud Hopper highlights the ever-evolving cyberespionage landscape, with the connectivity between MSPs and their customers now being used as an attack vector. For enterprises, it also underscores the significance of carefully assessing and validating the risks entailed when third-party infrastructures are integrated into business processes.

Apart from keeping systems up-to-date, both MSPs and enterprises should take defensive measures to mitigate these kinds of threats, including having proactive incident response measures. MSPs shouldn’t just streamline how their clients’ system infrastructure is managed; as Operation Cloud Hopper showed, MSPs must also balance efficiency with the need to secure that infrastructure, be it hosted email or cloud applications. IT/system administrators can employ data categorization in order to mitigate the damage of a breach or protect the company’s core data in case they are exposed. Network segmentation can help protect networks by limiting privileges and access to sensitive data and corporate networks, consequently making lateral movement more difficult for attackers. Given that spear-phishing emails are Operation Cloud Hopper’s point of entry, fostering a culture of cybersecurity in the workplace is also a must, particularly against email-based threats.

Trend Micro™ Deep Discovery™ provides detection, in-depth analysis, and proactive response to today’s stealthy malware and targeted attacks in real time. It provides a comprehensive defense tailored to protect organizations against targeted attacks and advanced threats through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect threats like those employed by Operation Cloud Hopper even without any engine or pattern update.
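The tradecraft described above (RDP access with stolen MSP administrator credentials, scheduled-task or service persistence on the reached host, then another RDP hop deeper into the client network) leaves a recognizable trail in standard Windows event logs. The following script is an added example, not code from the original article or from Trend Micro: it correlates constructed, already-normalised event records per host using the standard event IDs Security 4624 (logon; LogonType 10 is RemoteInteractive, i.e. RDP), Security 4698 (scheduled task created) and System 7045 (service installed). The hostnames, accounts, IP addresses, timestamps, the `HOST_BY_IP` inventory, the `MSP\` account prefix and the 07:00 to 19:00 change window are all assumptions made for the example.

```python
"""Correlate Windows event records for MSP-credential RDP logons followed by
persistence and further RDP hops. Sample telemetry below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event_id: int
    user: str
    detail: str                    # task name, service name, or logon source IP
    logon_type: Optional[int] = None


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    user: str
    ts: datetime
    detail: str


# Hypothetical asset inventory mapping addresses to hosts (constructed).
HOST_BY_IP: Dict[str, str] = {
    "10.0.5.20": "MSP-JUMP01",
    "10.20.1.15": "CLIENT-FS01",
    "10.20.1.77": "CLIENT-WS07",
}
MSP_ACCOUNT_PREFIX = "MSP\\"       # assumption: MSP admin accounts live in this domain
BUSINESS_HOURS = (7, 19)           # assumption: agreed change window for MSP RDP access
WINDOW = timedelta(minutes=30)     # how soon after an RDP logon persistence/hops count


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample events: one benign in-hours logon, one benign backup task,
# then an off-hours RDP logon, task + service persistence, and a hop onward.
SAMPLE_EVENTS: List[Event] = [
    Event(_t("2017-04-06 09:02"), "MSP-JUMP01", 4624, "MSP\\svc-admin", "10.0.9.4", logon_type=10),
    Event(_t("2017-04-06 10:30"), "CLIENT-WS03", 4698, "CLIENT\\backupsvc", r"\Backup\Nightly"),
    Event(_t("2017-04-06 22:14"), "CLIENT-FS01", 4624, "MSP\\svc-admin", "10.0.5.20", logon_type=10),
    Event(_t("2017-04-06 22:16"), "CLIENT-FS01", 4698, "MSP\\svc-admin", r"\Microsoft\Windows\Updater"),
    Event(_t("2017-04-06 22:19"), "CLIENT-FS01", 7045, "SYSTEM", "wuauservx"),
    Event(_t("2017-04-06 22:25"), "CLIENT-WS07", 4624, "MSP\\svc-admin", "10.20.1.15", logon_type=10),
]


def is_rdp_logon(e: Event) -> bool:
    return e.event_id == 4624 and e.logon_type == 10


def is_persistence(e: Event) -> bool:
    return e.event_id in (4698, 7045)


def correlate(events: List[Event]) -> List[Finding]:
    """Walk events in time order, remembering RDP logons per host, and flag:
    off-hours MSP RDP logons, persistence created shortly after an RDP logon on
    the same host, and RDP logons whose source is a host the same account
    reached by RDP within the window (a lateral hop)."""
    findings: List[Finding] = []
    rdp_by_host: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if is_rdp_logon(e):
            rdp_by_host[e.host].append(e)
            in_hours = BUSINESS_HOURS[0] <= e.ts.hour < BUSINESS_HOURS[1]
            if e.user.upper().startswith(MSP_ACCOUNT_PREFIX) and not in_hours:
                findings.append(Finding("msp_rdp_off_hours", e.host, e.user, e.ts, f"from {e.detail}"))
            src_host = HOST_BY_IP.get(e.detail)
            if src_host and src_host != e.host and any(
                p.user == e.user and e.ts - p.ts <= WINDOW for p in rdp_by_host.get(src_host, [])
            ):
                findings.append(Finding("rdp_lateral_hop", e.host, e.user, e.ts, f"{src_host} -> {e.host}"))
        elif is_persistence(e):
            recent = [p for p in rdp_by_host.get(e.host, []) if timedelta(0) <= e.ts - p.ts <= WINDOW]
            if recent:
                kind = "scheduled task" if e.event_id == 4698 else "service"
                # Attribute the persistence to the account that most recently RDP'd in.
                findings.append(Finding("persistence_after_rdp", e.host, recent[-1].user, e.ts, f"{kind} {e.detail}"))
    return findings


def findings_by_host(findings: List[Finding]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        out[f.host].append(f.rule)
    return dict(out)


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"{f.ts:%H:%M} {f.host:<12} {f.rule:<22} {f.user:<16} {f.detail}")
```

Run against the sample data, the benign jump-host logon and the daytime backup task produce nothing, while CLIENT-FS01 is flagged for the off-hours MSP logon and for both the task and the service created minutes later, and CLIENT-WS07 is flagged for an off-hours logon that arrives from CLIENT-FS01 itself, the hop pattern the article describes. In production the same logic would read forwarded 4624/4698/7045 events from a SIEM rather than an inline list, and the inventory, account prefix and change window would come from the organisation's own records.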
