
Two Hacking Groups Seen Targeting Materials Sector in Asia

The two blog posts published by Symantec serve as a warning for businesses in Asia’s materials industry, as advanced persistent threat (APT) groups have been actively targeting them.

The most prominent of the hacking groups is Winnti, also known as APT41, Barium, Blackfly, Bronze Atlas, Double Dragon, Wicked Panda, and Wicked Spider, a Chinese state-sponsored threat group active since at least 2007, engaging in both cyberespionage and financially motivated attacks. In a recently observed operation, the APT was seen using the Winnkit backdoor, Mimikatz, and multiple tools for credential dumping, screen capture, process hollowing, SQL querying, memory dumping (ForkPlayground), and proxy configuration.

Symantec also observed a materials research organization in Asia being targeted by a previously unknown threat actor called ‘Clasiopa’, which does not appear to be affiliated with other APTs. Clasiopa likely gained access to the targeted organization by brute-forcing public-facing servers and used a diversified set of post-exploitation tools, including the Atharvan remote access trojan (RAT), a modified version of the Lilith RAT, the Thumbsender hacking tool, and a custom proxy tool. Analysis of Atharvan uncovered a Hindi mutex and a password that could suggest Clasiopa is based in India, but Symantec notes that these could be false flags deliberately planted by the threat actor.

Recent attacks on the materials sector in Asia have been attributed to a number of advanced persistent threat (APT) actors. Symantec has identified two such actors, Winnti and Clasiopa, and has observed them using a variety of tools, including backdoors, credential dumping tools, process hollowing, SQL querying, memory dumping, and proxy configuration. Winnti is a prominent Chinese state-sponsored threat group active since at least 2007, and Clasiopa is a previously unknown threat actor that may be based in India.

Organizations in the materials sector should remain vigilant against such threats, as they are a prime target for intellectual property theft. To protect against such attacks, organizations should implement strong endpoint security solutions and regularly monitor network activity for signs of malicious activity.
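The initial access described above for Clasiopa, brute-forcing public-facing servers, is one of the easier behaviours to catch when monitoring for malicious activity, because it leaves a dense trail of failed logins from one source. The following detector is an added example written for this article, not code from Symantec or from either threat group's toolset. It parses OpenSSH-style syslog lines, keeps a sliding window of failures per source address, raises a brute-force alert when the failure count crosses a threshold, and raises a second, higher-priority alert when a successful login follows such a burst (the pattern that indicates a credential was actually guessed). The log lines, the host name, the IP addresses and the `year` parameter are all constructed assumptions; syslog timestamps carry no year, so one must be supplied.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in OpenSSH/syslog style (not from the article).
# Source 203.0.113.7 fails five times within ten seconds and then succeeds;
# source 198.51.100.5 is a user who mistypes a password once.
SAMPLE_LOG = """\
Feb 20 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Feb 20 10:00:03 web01 sshd[1202]: Failed password for invalid user test from 203.0.113.7 port 51001 ssh2
Feb 20 10:00:04 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Feb 20 10:00:06 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Feb 20 10:00:07 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Feb 20 10:00:09 web01 sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Feb 20 10:05:00 web01 sshd[1300]: Failed password for alice from 198.51.100.5 port 40000 ssh2
Feb 20 10:05:30 web01 sshd[1301]: Accepted password for alice from 198.51.100.5 port 40001 ssh2
"""

# Matches both "Failed password for invalid user X" and "Failed password for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year):
    """Return (timestamp, result, user, source) or None for lines we do not handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog omits the year, so the caller supplies it (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log_text, window_seconds=60, threshold=5, year=2023):
    """Sliding-window failed-login detector keyed on source address.

    Emits a 'brute_force' alert once per burst when failures within the window
    reach the threshold, and a 'success_after_burst' alert when an accepted
    login arrives while the window still holds a threshold-sized burst.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()                 # sources already alerted for the current burst
    alerts = []

    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        recent = failures[src]

        # Drop failures that have aged out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()

        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "brute_force", "source": src, "user": user,
                               "time": ts.isoformat(), "failures": len(recent)})
        else:
            if len(recent) >= threshold:
                alerts.append({"type": "success_after_burst", "source": src,
                               "user": user, "time": ts.isoformat(),
                               "failures": len(recent)})
            # A successful login ends the burst; start counting afresh.
            recent.clear()
            flagged.discard(src)
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately parameters: a public-facing server with many legitimate users will need a higher threshold than a jump host, and the `success_after_burst` alert is the one worth paging on, since a burst of failures alone may be untargeted scanning.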

Key Points:

  • Symantec has identified two advanced persistent threat (APT) actors targeting the materials sector in Asia.
  • The most prominent of the hacking groups is Winnti, a Chinese state-sponsored threat group active since at least 2007.
  • The other APT actor is Clasiopa, a previously unknown threat actor that may be based in India.
  • Organizations in the materials sector should remain vigilant against such threats and implement strong endpoint security solutions.
  • They should also regularly monitor network activity for signs of malicious activity.
