Bitdefender announced the publication of an investigation into a spy campaign that hit a telecommunications company: the attack has every appearance of being a ATPfruit of BackdoorDiplomacya Chinese hacker group.
What happened
The system breach initially used binaries that were vulnerable to side-loading techniques. Once infiltrators, ATP used various tools and malware to spy, move and evade all controls.
The attack on the telecommunications company seems to coincide with the results of the recent Data Breach Investigation 2022 report, which found that only in the last year have increased vulnerabilities of security systems.
According to Bitdefender the recorded ATP attack is just the beginning and could steadily increase over time.
The hackers would be mainly focusing on the breach of confidentiality (data exfiltration) versus the availability violation (distribution of ransomware).
Obviously these kinds of attacks put businesses of any size, consider a target or a means of arriving at a much greater goal.
For its part, Bitdefender urges companies, regardless of their size and sector, to stay alert and apply the Indicators of Compromise (IOC)which were published in the research.
In fact, it is important that companies are the first to maintain high levels of security of their systems, with prevention, detection and hunting capabilities and responses to threats.
For more information on Bitdefender’s full research, click here.
What are the ATP attacks mentioned by Bitdefender
Gli APT o Advanced Persistent Threat they are one of the most effective means that hackers use to attack a company. They are based on multi-level and multi-channel maneuvers, with the company being targeted on several fronts.
The attack is therefore planned down to the smallest detail and usually the ATP refer to state actors. In fact, they act on motivations that generally follow political or economic issues. Very often, as in the investigation carried out by Bitdefender, it is about cyberspionaggio.
The goal of hackers who launch an ATP is usually to extrapolate confidential information from the company or make some services offered by the victims unusable.