
Data exfiltration tools by APT31 group detailed

An analysis by Kaspersky researchers exposed a collection of advanced malware employed by the Chinese state-sponsored threat group APT31 to exfiltrate sensitive data from numerous Eastern European organizations last year, The Hacker News reports. The group, also tracked as Violet Typhoon, Bronze Vinewood, and Judgement Panda, used a total of 15 implants in its attacks, establishing a permanent data exfiltration channel with targets and harvesting data even from air-gapped systems, according to the researchers. The group's malware stack operates in three stages: establishing persistence, harvesting sensitive data, and sending that data to a remote server under the attackers' control. The researchers noted that APT31 additionally deployed a command-and-control server inside the corporate perimeter, using it as a proxy to relay data from systems without Internet access. Other tools the researchers discovered were used to manually upload data to temporary file-sharing services such as Yandex Disk, imgshare, and zippyimage.
