Yu1u Security Club

The "Monsoon" APT campaign targeting China and South Asian countries

Author: Yulu
Category: In-depth News
Published: 2016-08-12 11:37

Monsoon (MONSOON) is the name Forcepoint Security Labs™ has given to an espionage campaign that its Special Investigations team has been tracking and analysing since May 2016. We have published the technical analysis as a white paper; a download link is provided below.

MONSOON TARGETS SPECIFIC VICTIMS

The overarching campaign appears to target both Chinese nationals within different industries and government agencies in Southern Asia. It appears to have started in December 2015 and is still ongoing as of July 2016. The malware components used in MONSOON are typically distributed through weaponised documents sent through e-mail to specifically chosen targets. Themes of these documents are usually political in nature and taken from recent publications on topical current affairs.

SEVERAL SOPHISTICATED MALWARE COMPONENTS

MONSOON includes the use of multiple malware families, including Unknown Logger Public, TINYTYPHON, BADNEWS, and an AutoIt backdoor. BADNEWS is particularly interesting, containing resilient command-and-control (C&C) capability using RSS feeds, GitHub, forums, blogs and Dynamic DNS hosts. Malware used in MONSOON contains the ability to bypass Windows User Account Control and evade modern anti-malware solutions.
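The C&C channels listed above are public services that ordinary users also reach, which is what makes them resilient and hard to block outright. A practical detection angle is to look at which process is making the request rather than the destination alone. The script below is an added example for this write-up and is not code from Forcepoint or from this blog: it parses constructed proxy-style log lines and flags non-browser processes reaching feed, code-hosting, forum or blog hosts, or dynamic DNS names. The log format, the process names, the ".test" host suffixes and the dynamic DNS provider list are all assumptions made for illustration; only the GitHub host names are real.

```python
"""Scan proxy-style log lines for traffic that resembles dead-drop C&C lookups.

Added example for the BADNEWS description above; not code from Forcepoint or
from this blog. The log format, process names and host lists are constructed
for illustration and must be replaced with an organisation's own data.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption: suffixes of public services usable as dead-drop resolvers (RSS
# feeds, code hosting, forums, blogs). Only the GitHub names are real; the
# ".test" names are placeholders.
DEAD_DROP_SUFFIXES = (
    "github.com",
    "raw.githubusercontent.com",
    "feeds.example-rss.test",
    "forum.example.test",
    "blog.example.test",
)
# Assumption: suffixes of dynamic DNS providers (placeholders).
DYNAMIC_DNS_SUFFIXES = ("dyn-example.test", "ddns-example.test")
# Processes for which contact with these services is expected (assumed list).
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

# Constructed log format: "<timestamp> host=<host> proc=<process> path=<path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+proc=(?P<proc>\S+)\s+path=(?P<path>\S+)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    proc: str
    path: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed log line into its fields, or None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def matches_suffix(host: str, suffixes: Iterable[str]) -> bool:
    """True if host equals, or is a subdomain of, any listed suffix."""
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in suffixes)


def analyse(lines: Iterable[str]) -> List[Finding]:
    """Flag non-browser processes reaching dead-drop or dynamic DNS hosts."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the scan
        proc = rec["proc"].lower()
        if proc in EXPECTED_CLIENTS:
            continue  # interactive browsing to these services is normal
        if matches_suffix(rec["host"], DYNAMIC_DNS_SUFFIXES):
            reason = "non-browser process contacting a dynamic DNS host"
        elif matches_suffix(rec["host"], DEAD_DROP_SUFFIXES):
            reason = "non-browser process fetching content from a public publishing service"
        else:
            continue
        findings.append(Finding(rec["ts"], rec["host"], proc, rec["path"], reason))
    return findings


# Constructed sample log; no real infrastructure is referenced.
SAMPLE_LOG = [
    "2016-07-01T10:00:01Z host=github.com proc=chrome.exe path=/login",
    "2016-07-01T10:00:05Z host=raw.githubusercontent.com proc=svchost.exe path=/u/r/master/news.txt",
    "2016-07-01T10:00:09Z host=feeds.example-rss.test proc=winword.exe path=/politics/feed.rss",
    "2016-07-01T10:00:12Z host=update.dyn-example.test proc=svchost.exe path=/",
    "2016-07-01T10:00:15Z host=intranet.corp.test proc=outlook.exe path=/owa",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.ts} {f.proc} -> {f.host}{f.path}: {f.reason}")
```

Run against the sample, the browser login to GitHub and the intranet request are ignored, while the three requests from non-browser processes are returned for triage. The rule is deliberately coarse: a real deployment would tune EXPECTED_CLIENTS (feed readers, package managers, update agents) and enrich each finding with the responding content, since a dead-drop lookup is only meaningful when the fetched page carries an encoded next-hop address.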

WHO IS BEHIND MONSOON?

Amongst the evidence gathered during the MONSOON investigation were a number of indicators which make it highly probable that this adversary and the Operation Hangover adversary are one and the same and are operating out of the Indian Subcontinent.

HOW AND WHEN DID WE DO THE RESEARCH?

Our investigation into MONSOON began in May 2016. Over the course of our investigation we discovered over 170 malicious documents and 4 distinct malware families.

DOWNLOAD LINK

Our deep-dive technical analysis is available for download now from https://www.forcepoint.com/resources/datasheets/monsoon-analysis-apt-campaign

This article was published by Yu1u Security Club; when reposting, please credit the source and the corresponding link.

Permanent link to this article: https://www.yu1u.org/post/160.html
