Security researchers have discovered a Chinese hacking group, Calypso APT (Advanced Persistent Threat), that has stolen confidential data by attacking government organisations in six countries, including India.
The group attacked countries including India, Brazil, Kazakhstan, Russia, Thailand and Turkey, and caused damage to their respective governments, said specialists from London-headquartered global security solutions provider Positive Technologies.
As per a report on Engadget, the group has been active since 2016.
The investigation revealed that the attackers moved through the network either by exploiting the remote code execution vulnerability MS17-010 or by using stolen credentials.
“These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration,” Denis Kuvshinov, Lead Specialist in Threat Analysis at Positive Technologies, said in a statement.
“The group used publicly available utilities and exploit tools, such as SysInternals, Mimikatz, EternalBlue, and EternalRomance. Using these widely available tools, the attackers infected computers on the organisation’s LAN (local area network) and stole confidential data,” Kuvshinov said.
According to the experts at Positive Technologies, organisations can prevent such attacks by using specialised systems for deep traffic analysis. With these systems, they can detect suspicious activity at an early stage and prevent the hackers from getting a foothold in the company infrastructure.
In addition, monitoring of security incidents, along with perimeter and web application protection, can also help in detecting and preventing these attacks.
“The group has several successful hacks to its credit, but still makes mistakes allowing us to guess its origins,” Positive Technologies said in a report.
“We keep monitoring the activities of Calypso closely and expect the group will attack again,” it added.
(With input from agencies)