Quote of the Day

Thursday, November 5, 2020

APT41 and human greed

Jon DiMaggio of Symantec's Threat Hunter Team discussed the operations of APT41, a China-based hacking group that has been active since at least 2012 and conducts both espionage and financially motivated cybercrime. APT41 was an early adopter of supply-chain attacks: rather than going at a target head-on, the group compromises a trusted supplier and then uses that relationship to reach the supplier's customers in later, larger intrusions.

The confusing part of the investigation, Jon said, is that a state-sponsored espionage group is rarely also involved in cybercrime for profit. The motivation behind the espionage is not money but the collection of intellectual property and other intelligence for political and military purposes. APT41's espionage tooling is custom-developed, sophisticated malware that took significant time and money to build. It is unlikely a government would allow that tooling to be used for personal financial gain, because every additional use exposes its signatures to researchers and risks bringing a long-standing operation to an end.

One crucial tactic his team used to separate the two kinds of activity was to examine the timestamps of the operators' hands-on-keyboard events. The crime-related activity clustered between 10 pm and 1 am local time, an unusual window for tasked espionage work, which led to the hypothesis that it was moonlighting driven by human greed. Highly skilled technical staff in China are well paid and live comfortably, yet it appears that greed led these operators to reuse APT41 tooling to earn digital currency for themselves, assuming they would not be caught.

The US government indicted seven individuals associated with APT41 on a variety of charges; two of them worked on both the espionage and the cybercrime operations. Jon believes his team's findings held up well against the information revealed in the indictment. As a result of the indictment, APT41 will change its tactics, retool, and slow down for a while, but it will come back with new and creative attacks.
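To make the timestamp heuristic concrete, here is an added illustration that is not from the podcast or the original post. It takes a constructed set of UTC event times (hypothetical hands-on-keyboard events, not real APT41 telemetry), converts them to an assumed operator time zone of UTC+8 (China Standard Time) with assumed working hours of 09:00 to 18:00, buckets them by operator-local hour, and reports what fraction of each activity set falls outside working hours. The event lists, the time zone, the working-hours window and the 50% threshold are all assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: the operators sit in China Standard Time (UTC+8, no daylight
# saving), so a fixed offset is sufficient and avoids a tzdata dependency.
OPERATOR_TZ = timezone(timedelta(hours=8), "CST")

# Assumed hours in which tasked, day-job espionage work would be done
# (operator-local time, start inclusive, end exclusive).
BUSINESS_HOURS = range(9, 18)

# Constructed sample telemetry (not real data): UTC timestamps of interactive
# events such as logons and command execution, grouped by the activity set
# they were observed in.
ESPIONAGE_EVENTS = [
    "2020-09-14T01:15:00Z",  # 09:15 local
    "2020-09-14T03:40:00Z",  # 11:40 local
    "2020-09-14T06:05:00Z",  # 14:05 local
    "2020-09-15T02:30:00Z",  # 10:30 local
    "2020-09-15T08:20:00Z",  # 16:20 local
]
CRIMEWARE_EVENTS = [
    "2020-09-14T14:10:00Z",  # 22:10 local
    "2020-09-14T15:45:00Z",  # 23:45 local
    "2020-09-14T16:30:00Z",  # 00:30 local, next day
    "2020-09-15T14:55:00Z",  # 22:55 local
]


def to_local_hour(ts_utc: str, tz: timezone = OPERATOR_TZ) -> int:
    """Parse an ISO-8601 UTC timestamp and return the operator-local hour (0-23)."""
    dt = datetime.fromisoformat(ts_utc.replace("Z", "+00:00"))
    return dt.astimezone(tz).hour


def hour_histogram(events, tz: timezone = OPERATOR_TZ) -> Counter:
    """Count events per operator-local hour; the shape of this histogram is
    what distinguishes a day shift from a late-night session."""
    return Counter(to_local_hour(ts, tz) for ts in events)


def off_hours_ratio(events, tz: timezone = OPERATOR_TZ,
                    business_hours=BUSINESS_HOURS) -> float:
    """Fraction of events that fall outside the assumed working hours."""
    if not events:
        return 0.0
    off = sum(1 for ts in events if to_local_hour(ts, tz) not in business_hours)
    return off / len(events)


def classify(events, threshold: float = 0.5) -> str:
    """Label an activity set by whether most of it happens off-hours."""
    if off_hours_ratio(events) >= threshold:
        return "off-hours (possible moonlighting)"
    return "working-hours (consistent with tasked work)"


if __name__ == "__main__":
    for name, events in (("espionage", ESPIONAGE_EVENTS),
                         ("crimeware", CRIMEWARE_EVENTS),
                         ("pooled", ESPIONAGE_EVENTS + CRIMEWARE_EVENTS)):
        hist = dict(sorted(hour_histogram(events).items()))
        print(f"{name:9s} hours={hist} off-hours={off_hours_ratio(events):.2f} -> {classify(events)}")
```

Two points worth noticing when running it. First, the conversion to the suspected operator's time zone is what makes the 10 pm to 1 am window visible at all; in raw UTC the same events sit in the early afternoon. Second, the pooled set comes out as "working-hours" because the daytime espionage events dilute the late-night ones, so the split has to be done per victim set or per campaign before the pattern stands out.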


https://thecyberwire.com/podcasts/research-saturday/158/notes
