China's Espionage Dynasty: Economic Death by a Thousand Cuts by James Scott & Drew Spaniel
Author:James Scott & Drew Spaniel [Scott, James]
Language: eng
Format: azw3, epub
Tags: General Fiction
Publisher: Institute for Critical Infrastructure Technology
Published: 2016-07-14T16:00:00+00:00
Stone Panda
Crowdstrike identifies Stone Panda as a Chinese APT that has targeted healthcare, aerospace, defense, and government organizations since May 2010. Stone Panda specializes in cyberespionage, network reconnaissance, data exfiltration, and lateral network exploration.
Stone Panda uses spear-phishing to install the PoisonIvy RAT and IEChecker/ EvilGrab tool kit on victim machines. Poison Ivy is a remote administrative tool that is created and controlled by a management kit featuring a graphical user interface. The exploit kit is widely available for purchase or download on the dark net; consequently, its use in high- level campaigns could indicate a lack of technical sophistication of the adversary, who otherwise could have created a custom backdoor utility. Conversely, use of a publically available tool could be an opportunistic or strategic choice as the decision reduces costs to the campaign and complicates profiling attempts due to the ubiquity of the tool. The tool is also used by Axiom and Nightshade Panda.
The PoisonIvy backdoor is copied into the Windows/system32 folder and the filename and installation location are defined by the attacker. Some variants of the malware are capable of copying themselves into an Alternate Data Stream. A registry entry is created to ensure that the malware runs at startup. The malware connects to a server through encrypted and compressed communication and the malware can be configured to inject itself into a browser process before establishing an outgoing connection in order to bypass some firewalls. PoisonIvy gives the attacker complete control over the victim system. The most common operations include: renaming, deleting, uploading, downloading or executing files; viewing or editing registry keys; viewing, suspending, or killing running processes; viewing or terminating network connections; viewing and controlling services; viewing or disabling installed devices; enumerating, deleting, or uninstalling programs. PoisonIvy can steal information by taking screenshots, recording audio or webcam footage, and by capturing saved passwords and hashes. Some variants feature a keylogger and addition functionality provided by third-party plugins.
The EvilGrab exploit kit is spyware that is capable of capturing audio, video, screenshots, and log keystrokes from infected Windows machines. It has three primary components: one .EXE and two .DLL files. The executable acts as the installer. One of the digital libraries is the loader for the other, which is the main backdoor component. Some variants delete the executable after installation. Some variants, such as the IEChecker used by Stone Panda, are capable of stealing credentials stored in Internet Explorer and Outlook. Additionally, some versions are designed to steal information from Tencent QQ, a Chinese instant messaging application or to inject itself into certain security products, such as those distributed by ESET, Kaspersky, and McAfee.
Download
China's Espionage Dynasty: Economic Death by a Thousand Cuts by James Scott & Drew Spaniel.epub
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(7196)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(6891)
Machine Learning Security Principles by John Paul Mueller(6866)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(6519)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(6500)
Solidity Programming Essentials by Ritesh Modi(4399)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3997)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3747)
Learn Computer Forensics - Second Edition by William Oettinger(3494)
Future Crimes by Marc Goodman(3463)
Blockchain Basics by Daniel Drescher(3432)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3427)
Mastering Python for Networking and Security by José Manuel Ortega(3421)
Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively by Ashish M Kothekar(3361)
Incident Response with Threat Intelligence by Roberto MartÃnez(3218)
The Code Book by Simon Singh(3027)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2953)
Mobile App Reverse Engineering by Abhinav Mishra(2932)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2833)
