Chinese hackers, dubbed LuckyMouse, are behind the campaign aimed to overtake government assets, researchers say.
The well-known hacker group has launched a campaign against a national data center, in order to overtake government resources.
Investigators detected the campaign, back in March, but they believe that is have been active since the fall of 2017.
The ongoing attack is attributed to a Chinese-speaking hacker group named LuckyMouse, also known as EmissaryPanda or APT27.
This time LuckyMouse has chosen a high-value target for its campaign — a national data center in central Asia.
Researchers believed that the data center was chosen for one reason only: access to a wide variety of government resources.
Companies and individual people must take certain precautions against this growing phenomenon of cyber attacks; for that they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems, using antivirus for Windows or antivirus for Mac depending on which OS your device is using. Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.
The initial attack vectors against the unnamed data center remain “unclear”, researchers say.
LuckyMouse were specialized in the use of weaponized and malicious documents which contained a widely-used Microsoft Office exploit, but this time is not certain that here the same technique was used.
It may be possible that now a watering hole or phishing scheme was used to compromise accounts belonging to employees at the center.
After infection occurred the center was used as a springboard to inject malicious scripts into government websites in order to lunch watering hole attacks and to redirect website visitors to phishing or malware spreading pages.
First, the initial payload deployed three files which are “typical” for LuckyMouse modus operandi. The first file is nothing more than a legitimate package for DLL side-loading: Symantec pcAnywhere, the second one contains a .dll launcher and the last one is a decompressor which loads a Trojan into svchost.exe’s process memory.
The arrayed Trojan is named HyperBro; after running a malware analysis on it, researchers concluded that its job is to maintain persistence in the system and create a pathway for remote administration. After the HyperBro attack succeeded other malware payloads were deployed, including the Browser Exploitation Framework (BeEF) and the ScanBox reconnaissance system, which can perform the same tasks as keyloggers.
The main command-and-control (C&C) server used for this attack is bbs.sonypsps.com — a Ukrainian ISP’s network server. Along with the C&C server, researchers discovered that a hacked Mikrotik was used in order to process the malware’s HTTP requests without detection.
The C&C in use, as well as the Trojan, has been connected to LuckyMouse in past campaigns; this is not a surprise because lately, LuckyMouse has been very active developing newer and stealthier ways to infect Asian victims.
Keep in mind that every private data has a significant value that must be protected by at least cybersecurity solution like an antivirus. Depending on which OS your device is running, install an antivirus for Windows or antivirus for Mac for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on your company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and ethical hacking test. For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.
Regular users are the most affected by malware this day because most of them do not care about what antivirus they have installed in their systems.
Users can download antivirus developed by our company directly by clicking the download banner from the end of the page.
Our free download antivirus can help users to protect their Mac or Windows devices against malware and adware.
We offer a free antivirus one day license to all our users who want to test the full power of our antivirus solution.
Our antivirus can detect a vast spectrum of threats, from dangerous malware to nasty browsers extensions used for mining the crypto-currency.
The antivirus our company is offered is a certified product of OPSWAT.
Most of the companies don't care about cybersecurity until they suffer a breach.
A healthy company must perform a penetration test from time to time. The penetration test must execute against all the assets of the company, including the workers who are the most vulnerable to the social engineering attacks.
A penetration test can be done either by a security specialist from inside of the company or by hiring an external cyber security company who can take care of everything.
Besides penetration test, a company must have a minimum healthy cybersecurity system installed like antivirus or firewall.
CyberByte company can perform various penetration tests on all the spectrum of PCI/DSS compliance to the red team, perimeter testing, and social engineering.
We also provide services to employee profiling and cyber threat monitoring, since most of the data breaches this day come from the inside of the company.
To check our penetration test services go to the Services tab from the main menu.
Windows users can download free antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your PC is infected. Windows free antivirus of CyberByte is an awarded software for malware detection.
Mac / MacOS / OS X users can download free Mac antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your Mac is infected. MacOS / OS X free antivirus of CyberByte is an awarded software for malware detection. The free antivirus for Mac is available for new MacOS and older OS X versions.
Features of CyberByte™ antivirus:
- Protects you from all kind of threats
- CyberByte™ custom detection engine includes Mac and Windows malware protection and detection
- Fastest scanning times in the market
- Crypto Mining rogue extensions/malware detection
- Ransomware detection - don’t negotiate with ransomware cyber terrorists – keep your Mac and Windows safe
- Active live protection from background
- Certified Threat Detector by OPSWAT
- Easy to Install
- Easy to Manage
- Incredible value for money
Invisible, protecting you from behind the scenes - You will not feel it is installed on your computer, easy on the resources, like a protection software should be.
Original technology that combines behavioral heuristic analysis with powerful signatures database – the CyberByte™ Protection Engine delivers top of the line protection in an instant.
Fastest scanning times in the market – your time is precious, but also so is your digital life – CyberByte™ delivers fast scanning saving both time and your valuable data.
Don’t negotiate with ransomware cyber terrorists – keep your Mac safe and don’t ever end up paying for what is already yours.
Protect others as well – the CyberByte™ Protection Engine not only detects the threat but stops it from spreading to other Macs or Windows machines.
Don’t let strangers use your resources – more than 80% of the attacks are crypto mining driven. Are you sure your computer is not mining for crypto while you read this text?
Our malware protection will continuously look after your device providing the best security against viruses. Give us the chance to prove it by downloading the antivirus for your device.
CyberByte Antivirus is a certified product by OPSWAT (OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against
zero-day attacks by using multiple antivirus engine scanning and document sanitization.
To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com).
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The procedure is simple:
Just free download antivirus from CyberByte website either for Mac or Windows.
Install it using the antivirus installer package.
Windows and Mac users will free malware scan their devices. The scan duration depends on how many files the end user has.
CyberByte antivirus will show if any files are infected after the scan is finished.