Express Computer
Home  »  News  »  Avast Released A Joint Analysis Of An APT Attack

Avast Released A Joint Analysis Of An APT Attack

Together with ESET, Avast analyzed samples of malware used in attacks targeting a telecommunications company, a gas company, and a governmental institution

0 153

Avast (LSE:AVST), a global leader in digital security and privacy products, today released a joint analysis of an APT attack targeting Central Asian companies and institutions. Avast worked together with malware analysts from ESET to analyze samples used by an APT group to spy on a telecommunications company, a gas company, and a governmental institution in Central Asia.

The group planted backdoors to gain long-term access to corporate networks. Based on the analysis, Avast suspects the group was also behind attacks active in Mongolia, Russia, and Belarus. Avast believes the group is from China, based on the use of Gh0st RAT, which has been known to be used by Chinese APT groups in the past and similarities in the code Avast analyzed and code recently analyzed in a campaign attributed to Chinese actors.

The backdoors gave the actors the ability to manipulate and delete files, take screenshots, alter processes, and services, as well as execute console commands, and remove itself. Additionally, some commands had the capability to instruct the backdoors to exfiltrate data to a C&C server. Infected devices could also be commanded by a C&C server to act as a proxy or listen on a specific port on every network interface. The group also used tools such as Gh0st RAT and Management Instrumentation to move laterally within infiltrated networks.

“The group behind the attack frequently recompiled their custom tools to avoid antivirus detection, which, in addition to the backdoors, included Mimikatz and Gh0st RAT. This has led to a large number of samples, with binaries often protected by VMProtect, making analysis more difficult,” said Luigino Camastra, malware researcher at Avast. “Based on what we have discovered and the fact that we were able to tie elements of these attacks back to attacks carried out on other countries, we assume this group is also targeting further countries.”

Avast reported its findings to the local CERT team, and reached out to the affected telecommunications company it discovered was under attack.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image