CATEGORY: APT (Advanced Persistent Threat)
The group known as APT10 / Cloud Hopper hits victims in many different sectors, such as information technology, finance, energy, healthcare and public health, communications, and critical manufacturing. The espionage campaign has targeted managed IT service providers (MSSPs), allowing the APT10 group to steal a huge set of intellectual property and sensitive data belonging to those MSSPs and their clients globally.
The campaign uses multiple malware families and variants, some of which are currently not detected by anti-virus signatures. Depending on the defensive mitigations in place, the attackers may gain full access to networks and data in a way that appears legitimate, bypassing detection. The campaign uses customized variants of trojans and malware that have previously been linked to Chinese espionage campaigns.
INDICATORS OF COMPROMISE
IP(s) / Hostname(s)
Malware Hash (MD5/SHA1/SHA256)
Block the threat indicators at their respective controls (IP addresses and hostnames at the firewall, proxy and DNS; file hashes at the endpoint protection and mail gateway). Keep systems up to date and patched against all known vulnerabilities.
Researchers also suggest conducting regular vulnerability scans of the internal and external networks and of hosted content to identify and mitigate vulnerabilities.
Implement an Intrusion Detection System (IDS) to ensure continuous monitoring, sending alerts to a SIEM tool and monitoring internal activity.
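The blocking and monitoring advice above comes down to one mechanical step: every indicator on the list has to be matched against what the controls actually see. The following script is an added example, not part of the advisory, showing how that matching works over log lines. All indicator values (IPs from RFC 5737 documentation ranges, a hostname under the reserved `.test` TLD, and the well-known digests of empty input) and all log lines are constructed placeholders; the advisory's real indicators are not reproduced on this page and would be loaded in their place. Output is emitted as JSON lines, the shape most SIEM ingest endpoints accept.

```python
"""Match log lines against an IoC list and emit SIEM-style alerts.

Added example. Indicator values and log lines are constructed placeholders,
not the advisory's indicators.
"""
import ipaddress
import json
import re
from dataclasses import dataclass, asdict

# Placeholder indicators (constructed; replace with the advisory's real list).
IOC_IPS = {"203.0.113.10", "198.51.100.77"}        # RFC 5737 documentation ranges
IOC_HOSTNAMES = {"update.example-malicious.test"}   # reserved .test TLD
IOC_HASHES = {                                      # lowercase hex, keyed by algorithm
    "md5": {"d41d8cd98f00b204e9800998ecf8427e"},
    "sha1": {"da39a3ee5e6b4b0d3255bfef95601890afd80709"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}
HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Token extractors; lookarounds stop a hash from matching inside a longer hex run
# and an IP from matching inside a longer dotted string.
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")
HEX_RE = re.compile(r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{64}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{32})(?![0-9A-Fa-f])")
HOST_RE = re.compile(r"(?<![\w.-])((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?![\w.-])")

# Constructed sample log lines (firewall, DNS, EDR, firewall). Lines 1-3 hit; line 4 is benign.
LOG_LINES = [
    "ts=2024-01-01T10:00:00Z src_ip=10.0.0.5 dst_ip=203.0.113.10 dst_port=443 action=allow",
    "ts=2024-01-01T10:00:02Z src_ip=10.0.0.5 query=update.example-malicious.test rtype=A",
    "ts=2024-01-01T10:00:05Z host=WS01 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 path=C:\\Users\\Public\\svc.exe action=exec",
    "ts=2024-01-01T10:00:07Z src_ip=10.0.0.6 dst_ip=10.0.0.1 dst_port=53 action=allow",
]


@dataclass(frozen=True)
class Alert:
    line_no: int
    indicator_type: str   # "ip", "hostname", "md5", "sha1" or "sha256"
    indicator: str
    raw_line: str


def find_indicators(line):
    """Yield (type, value) for every listed indicator present in one log line."""
    for m in IPV4_RE.finditer(line):
        try:
            ip = str(ipaddress.ip_address(m.group(1)))   # rejects octets > 255
        except ValueError:
            continue
        if ip in IOC_IPS:
            yield "ip", ip
    for m in HOST_RE.finditer(line):
        host = m.group(1).lower().rstrip(".")           # case-insensitive, no trailing dot
        if host in IOC_HOSTNAMES:
            yield "hostname", host
    for m in HEX_RE.finditer(line):
        digest = m.group(1).lower()                     # hashes compare case-insensitively
        algo = HASH_ALGO_BY_LEN[len(digest)]
        if digest in IOC_HASHES[algo]:
            yield algo, digest


def scan_logs(lines):
    """Return one Alert per (line, indicator) match, in log order."""
    alerts = []
    for n, line in enumerate(lines, start=1):
        for kind, value in find_indicators(line):
            alerts.append(Alert(n, kind, value, line))
    return alerts


def to_siem_events(alerts, source="ioc-matcher"):
    """Serialize alerts as JSON lines for a SIEM ingest endpoint."""
    return [json.dumps({"source": source, "severity": "high", **asdict(a)}) for a in alerts]


if __name__ == "__main__":
    for event in to_siem_events(scan_logs(LOG_LINES)):
        print(event)
```

Hash matching is done by digest length so one list can carry MD5, SHA1 and SHA256 entries side by side; hostnames are lower-cased and stripped of a trailing dot before lookup so a DNS log's canonical form still matches. In production the three sets would be loaded from the advisory's indicator file and the matcher run as a SIEM correlation rule rather than a one-off script.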