China's Espionage Dynasty: Economic Death by a Thousand Cuts by James Scott & Drew Spaniel
Author: James Scott & Drew Spaniel [Scott, James]
Language: eng
Format: azw3, epub
Tags: General Fiction
Publisher: Institute for Critical Infrastructure Technology
Published: 2016-07-14T16:00:00+00:00
Stone Panda
CrowdStrike identifies Stone Panda as a Chinese APT that has targeted healthcare, aerospace, defense, and government organizations since May 2010. Stone Panda specializes in cyberespionage, network reconnaissance, data exfiltration, and lateral network exploration.
Stone Panda uses spear-phishing to install the PoisonIvy RAT and the IEChecker/EvilGrab tool kit on victim machines. PoisonIvy is a remote administrative tool that is created and controlled by a management kit featuring a graphical user interface. The exploit kit is widely available for purchase or download on the dark net; consequently, its use in high-level campaigns could indicate a lack of technical sophistication on the part of the adversary, who otherwise could have created a custom backdoor utility. Conversely, use of a publicly available tool could be an opportunistic or strategic choice, as the decision reduces costs to the campaign and complicates profiling attempts due to the ubiquity of the tool. The tool is also used by Axiom and Nightshade Panda.
The PoisonIvy backdoor is copied into the Windows/system32 folder, and the filename and installation location are defined by the attacker. Some variants of the malware are capable of copying themselves into an Alternate Data Stream. A registry entry is created to ensure that the malware runs at startup. The malware connects to a server through encrypted and compressed communication, and it can be configured to inject itself into a browser process before establishing an outgoing connection in order to bypass some firewalls. PoisonIvy gives the attacker complete control over the victim system. The most common operations include: renaming, deleting, uploading, downloading, or executing files; viewing or editing registry keys; viewing, suspending, or killing running processes; viewing or terminating network connections; viewing and controlling services; viewing or disabling installed devices; and enumerating, deleting, or uninstalling programs. PoisonIvy can steal information by taking screenshots, recording audio or webcam footage, and capturing saved passwords and hashes. Some variants feature a keylogger and additional functionality provided by third-party plugins.
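From the defender's side, the three persistence traits described above (a startup registry entry, a binary placed in system32, an Alternate Data Stream) can be checked together when reviewing autostart entries. The following is an added example, not taken from the book: it assumes the startup entry is a Run-key value (the text does not name the key), that Windows is installed in C:\Windows, and it uses constructed sample values and a hypothetical allowlist.

```python
import re

# Constructed Run-key values (name -> command line); not real indicators.
SAMPLE_RUN_VALUES = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "svchelper": r"C:\Windows\System32\svchelper.exe",
    "netmon": r"C:\Windows\System32\drivers.log:netmon.exe",
    "Sync": r"C:\Users\alice\AppData\Local\Sync\sync.exe:hidden.exe -q",
}

# Hypothetical allowlist of system32 binaries expected to autostart on this fleet.
KNOWN_SYSTEM32 = {"securityhealthsystray.exe"}


def image_path(command):
    """Return the executable part of a command line (quoted or space-free)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def has_ads(path):
    """True if the path names an NTFS alternate data stream (file:stream)."""
    rest = path[2:] if re.match(r"[A-Za-z]:", path) else path
    return ":" in rest


def in_system32(path):
    """True if the path is under system32 (assumes Windows is in C:\\Windows)."""
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")
    return p.startswith("c:\\windows\\system32\\")


def triage(run_values, known=KNOWN_SYSTEM32):
    """Map each suspicious autostart name to the reasons it was flagged."""
    findings = {}
    for name, command in run_values.items():
        path = image_path(command)
        reasons = []
        if has_ads(path):
            reasons.append("alternate-data-stream")
        if in_system32(path) and path.lower().rsplit("\\", 1)[-1] not in known:
            reasons.append("unlisted-system32-binary")
        if reasons:
            findings[name] = reasons
    return findings
```

A flagged entry is a lead for review rather than a verdict, since the attacker chooses the filename and location and legitimate software also autostarts from system32.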
The EvilGrab exploit kit is spyware that is capable of capturing audio, video, and screenshots and of logging keystrokes on infected Windows machines. It has three primary components: one .EXE and two .DLL files. The executable acts as the installer. One of the DLLs is the loader for the other, which is the main backdoor component. Some variants delete the executable after installation. Some variants, such as the IEChecker used by Stone Panda, are capable of stealing credentials stored in Internet Explorer and Outlook. Additionally, some versions are designed to steal information from Tencent QQ, a Chinese instant messaging application, or to inject themselves into certain security products, such as those distributed by ESET, Kaspersky, and McAfee.
