Login

Register

Login

Register


A cyber-espionage group dubbed Bronze President has been targeting countries in South and East Asia. 

Researchers at Secureworks’ Counter Threat Unit (CTU) have observed the group spying on the activities of political and law enforcement organizations and NGOs. 

The threat group seems to have developed its own remote access tools, which it uses alongside publicly available remote access and post-compromise toolsets to gain entry to a network.

Using publicly available open-source tools could be a deliberate ploy by the group to cover its tracks and reduce the risk of attribution.

Once inside, the threat actors elevate their privileges and install malware on a large proportion of systems. Bronze President then runs custom batch scripts to collect specific file types and takes proactive steps to minimize detection of its activities.

The threat actors appear to be monitoring their targets as they steal data from compromised systems over a long period of time. Countries that have been targeted include India and Mongolia. 

Activity from the threat actors has been observed by Secureworks’ researchers since mid-2018, but it’s is thought that the group may have started causing trouble as early as 2014. 

Among the group’s phishing lures, researchers found emails suggesting an interest in national security, humanitarian, and law enforcement organizations in East, South, and Southeast Asia.

Researchers believe the Bronze President group is operating from a base within the People’s Republic of China (PRC). 

Connections were found between a subset of the group’s operational infrastructure and PRC-based internet service providers. Furthermore, the group uses tools such as PlugX that have historically been leveraged by threat groups based in the PRC.

“It is likely that Bronze President is sponsored or at least tolerated by the PRC government. The threat group’s systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups,” wrote Secureworks’ researchers. 

The operational tactics of the group indicate that the crew behind it are highly organized.

Researchers noted: “Bronze President has demonstrated intent to steal data from organizations using tools such as Cobalt Strike, PlugX, ORat, and RCSession. The concurrent use of so many tools during a single intrusion suggests that the group could include threat actors with distinct tactics, roles, and tool preferences.”

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW