Menu
Japan’s infrastructure probed by cybergroup, security firm says

Japan’s infrastructure probed by cybergroup, security firm says

The group may have links to APT 1, believed to be part of China's army

A group of cyberattackers that emerged in 2010 and then went quiet has resurfaced and is targeting Japan's critical infrastructure, a security vendor said this week.

The attacks have targeted utilities and energy companies in Japan, as well as other companies in finance, transportation and construction, said Greg Fitzgerald, chief marketing officer at Cylance, which specializes in end-point protection.

The group appears to be based in Asia, and its methods and procedures suggest it may be linked to a nation state, Fitzgerald said.

Symantec detected signs of the group, which Cylance calls Operation Dust Storm, in 2010, Fitzgerald said. The group went quiet in March 2013, shortly after Mandiant -- the forenics investigative unit of FireEye -- published a lengthy report on APT 1, which the company believes to be an elite cyber unit of the Chinese army.

The attacks studied by Cylance were aimed exclusively at Japan, Fitzgerald said. The group has acquired upwards of 200 domain names for part of its command-and-control infrastructure, he said.

The aim doesn't appear to be to damage critical infrastructure along the lines of what recently happened in December to utilities in Ukraine. Cyberattacks knocked out power to tens of thousands of customers in incidents security experts have said highlight the vulnerability of Internet-connected critical infrastructure. 

Rather, the group is focused on reconnaissance and espionage and maintaining long-term access to networks, Fitzgerald said.

Cylance has reached out to Japan's Computer Emergency Response Team, the country's national cybersecurity coordinator, with its findings. It has also published a report with technical information, including domain names and hashes of malware, that could help companies figure out if they've been compromised.

Those infected are thought to have fallen victim to spear phishing emails, or targeted messages containing malware attachments. Another possibility is so-called watering-hole attacks, where victims are persuaded to click on a link or visit a website that has been compromised, delivering the attacker's malware.

In 2014 through last year, the attackers were installing a backdoor called Zlib.

"The backdoor provided the attacker with the ability to upload and download files, enumerate files and drives, enumerate system information, enumerate and manipulate Windows services, enumerate and impersonate logon sessions, mimic keystrokes and mouse input, capture screenshots and execute shell commands," according to Cylance's report.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments