Chinese hacker group used NSA tools long before they were leaked online

Symantec analysts shared interesting observations.

As they discovered, a Chinese cybercriminal group used NSA tools a year before the Shadow Brokers hackers leaked them online.

This Chinese group is tracked under several names, including Buckeye, APT3, UPS Team, Gothic Panda and TG-0110.

Researchers link its activity to the PRC’s Ministry of State Security. Buckeye has been noted for cyberattacks on corporations such as Siemens, Trimble and Moody’s Analytics.

In its operations the group used several malware programs, among them the well-known DoublePulsar backdoor.

Researchers also noted the presence in the Buckeye arsenal of the Bemstour exploit, which was responsible for delivering the backdoor to the targeted computer.

It is worth recalling that DoublePulsar became famous in April 2017, just after the Shadow Brokers published the NSA tools. This leak was one of the most significant events in the history of cybersecurity in recent years.

According to Symantec specialists, they found evidence that Buckeye used DoublePulsar in March 2016. It is therefore evident that the Chinese hackers used the NSA tool more than a year before its official leak.

The earliest known use of the NSA’s espionage tools was in March 2016, in an attack on a target in Hong Kong. In this attack the Bemstour exploit tool was delivered to victims through known Buckeye malware (Backdoor.Pirpi). An hour later Bemstour was used against an educational institution in Belgium.

“Variants of NSA tools used by Buckeye appear to be different from those released by Shadow Brokers, potentially indicating that they didn’t originate from that leak,” Symantec reported.

Buckeye disappeared in mid-2017 and three alleged members of the group were indicted in the U.S. in November 2017. However, while activity involving known Buckeye tools ceased in mid-2017, the Bemstour exploit tool and the DoublePulsar variant used by Buckeye continued to be used until at least September 2018 in conjunction with different malware.

Timeline of Buckeye

Source: https://www.symantec.com/blogs
