APT5: Chinese-Sponsored Hackers Targeting Global Organizations - Essay Sample

Introduction

APT 5 is a group of hackers that are sponsored by the Chinese government. It began in the year 2007 and consisted of various subgroups that have specific infrastructure and tactics. It has targeted and breached different organizations in multiple industries. Its major focus is on telecommunications and technology organizations with special interests in the satellite communication companies (Catalin, 2019). Its attacks are executed with the aid of a malware referred to as LEOUNCIA. The malware with keylogging capabilities is put into use during the targeting of telecommunication companies' executives, employees, and corporate networks.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

What is their end goal? What type of victim do they tend to target?

It can be established that the critical victims of APT 5 are regional telecommunication service providers, the Asian based employees of tech firms and various global telecommunications companies, military application technology, as well as High-Tech manufacturers (Catalin, 2019). It can be observed in their attack of Pulse Secure VPN and Fortinet servers through internet scanning, where they capitalize on vulnerabilities including CVE-2019-11510 for Pulse Secure and CVE-2018-13379 for Fortinet (Catalin, 2019). The vulnerabilities are used in stealing files that store password information alongside VPN session data from the files that have been affected. APT 5 has its primary goal of aiding the Chinese government in monitoring sensitive traffic alongside stealing user credentials.

How technologically savvy is the actor based on its tools and techniques?

They undertake their attacks by the use of a tool that facilitates their entry into the networks of victims to perform their objectives. One of them is the use of LEOUNCIA. It is a powerful malware designed and has the capability of taking complete control of the infected machine, systems, and networks. Its antivirus is very limited making it rare to detect mainly using generic heuristics (Jeff, 2019). Thus, it can be effective in penetrating the target victim's networks and collect the required information for the Chinese government. It uses HTTP in undertaking custom obfuscated payload. Its obfuscation techniques are much sophisticated, and it effectively hides from signature-based sensors (Jeff, 2019). Finally, since it offers a wide variety of features, it has excellent functionality in entering various target systems and retrieving the required sets of information.

Does the actor favor one type of attack or exploit over others, etc.?

The actor has used LEOUNCIA malware to favor one type of attack. Such attacks are targeted on enterprise VPN servers belonging to telecommunication companies (Jeff, 2019). Also, it is used in the exploitation of outdated virtual private networks in the espionage of international targets.

References

Atif, M. (2010). Retrieved from https://www.fireeye.com/blog/threat-research/2010/12/leouncia-yet-another-backdoor.html

Catalin, C. (2019). A Chinese APT is now going after Pulse Secure and Fortinet VPN servers. Retrieved from https://www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/

Jeff, S. (2019). ATP groups are exploiting outdated VPNs to spy on international targets, U.K. and U.S. warn. Retrieved from https://www.cyberscoop.com/vpn-vulnerabilities-china-apt-palo-alto/