Chinese hackers behind 'Luckycat' espionage attack


The Luckycat campaign has been active since at least June 2011. First documented by another antivirus company this year, it is described in more detail in a Trend Micro report, which characterises it as a sophisticated cyber-espionage campaign that attacked a diverse set of more than 90 targets. The attackers used a variety of methods, some of which have been linked to other cyber-espionage campaigns, and even tagged their attacks with campaign codes to measure their success.

The Luckycat perpetrators did not only target military research in India, as previously reported; they expanded their attacks to other sensitive entities in Japan and India, including heavily targeted Tibetan activists. Through careful monitoring, Trend Micro capitalised on mistakes made by the attackers to gain a glimpse of their identities and capabilities. Malware associated with other APT campaigns, namely ShadowNet, Duojeen, Sparksrv, and Comfoo, was either used in the attacks or found hosted on the same dedicated server used by the Luckycat campaign. The attackers maintain a variety of command-and-control infrastructures and use anonymity tools to obscure their operations. The targeted industries and communities are aerospace, energy, engineering, shipping, military research, and Tibetan activists.

"Individual targeted attacks are not one-off attempts. Attackers continually try to get inside the target's networks. They are truly persistent in that sense. We in the industry are calling them advanced persistent threats or APTs because of their level of sophistication and how they are seemingly unrelenting in their focus," said Myla Pilao, director for core technology marketing at Trend Micro.

Luckycat is an APT, a category of threats that aggressively pursue and compromise specific targets in order to maintain a persistent presence within the victim's network, from which the attackers can move laterally and exfiltrate data. Unlike indiscriminate cybercrime attacks, spam, Web threats, and the like, APTs are much harder to detect because their components and techniques are tailored to the target. Also, while cybercrime focuses on stealing credit card and banking information for profit, APTs are better thought of as cyber espionage.

"Although APTs appear to be daunting and scary, technologies like Trend Micro Deep Discovery provide visibility, insight and control over networks necessary to defend these against targeted threats," Pilao added.