Chinese hackers and the healthcare sector: who is it really about?

A security notice recently published by the Health Sector Cybersecurity Coordination Center (HC3) examined the relationship between Chinese hacking groups and attacks on the healthcare sector, especially the US one.

In this context, we are not only talking about attacks to obtain money from the victims. According to experts, there is also espionage, both in the interests of the cybercriminals themselves and on behalf of the Chinese government. In this regard, for example, it seems that some hackers from the Asian country targeted pharmaceutical companies overseas during the pandemic.

But what are the most notorious and dangerous groups? The best-known name at the moment is APT41 (also known by many other names, such as BARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella and Double Dragon).

This gang of cybercriminals has been active since 2007 and appears to engage in activities such as espionage and digital extortion. APT41 aggressively exploits known vulnerabilities, often within hours of public disclosure, as was the case with the ProxyLogon and Log4J vulnerabilities.

Chinese hacker groups: cybercrime and espionage

Once initial access is gained, the group moves laterally within networks and establishes persistent access, often remaining in networks undetected for long periods while data of interest is exfiltrated. The group has a large arsenal of malware and uses well-known security tools in its attacks, such as:

  • a customized version of Cobalt Strike;
  • Acunetix;
  • Nmap;
  • JexBoss;
  • Sqlmap.

Another group, with a very similar name, is APT10. These hackers are engaged in cyber espionage and cyber warfare, focusing on the theft of military data and intelligence. The group is known for exploiting zero-day vulnerabilities to gain access to target networks and for using a variety of customized tools to achieve its goals.

APT10 conducts highly targeted attacks, with initial access often achieved through the practice known as spear phishing. The group has also been known to target managed service providers (MSPs) upstream in order to attack their customers.

Source: hipaajournal.com
