Chinese Hackers Deploy Phishing Links on Key Aerospace firm Infrastructure
An unnamed Chinese hacking group known as ‘Space Pirates’ targets Russian aerospace firms with phishing emails to install malware on their systems. The exploits used by Space Pirates served to escalate privileges and gain access to the targeted systems.
It was discovered that Space Pirates has been active since 2017 and has links to known groups such as APT41 (Winnti), Mustang Panda, and APT27; it was initially assumed to be a new form of malicious threat.
Threat analysts at Positive Technologies report that the group's activity begins with the abrupt collection of confidential reconnaissance data from firms in the aerospace field.
Administrative bodies are now the main target of the Space Pirates APT group due to their large involvement in technical services, aerospace, and electric power industries located in Russia, Georgia, and Mongolia.
Research disclosed by the threat analysts states that Space Pirates activity was first detected last summer during incident response, and that the same malware techniques have been used against four more domestic entities since 2019.
The hackers successfully compromised Russian companies in two cases. In the first case, they gained unauthorized access to 20 servers and illegally exfiltrated 1,500 documents of the company’s confidential data and infrastructure details. In the second case, the Chinese hackers remained inside the company’s network for over a year, stealing information and installing malware on 12 corporate network nodes in 3 regions.
Blockbuster of malware
Space Pirates obtained sensitive data using backdoors that have been in circulation for years, including the Chinese-trademark malware PlugX and tailored variants of the PcShare backdoor.
BH_A006 is a heavily modified version of the Gh0st backdoor, featuring many layers of obfuscation to bypass security protections and thwart analysis. Its built-in adaptability allows it to defeat strong, layered defenses.
Another interesting custom tool is Deed RAT, which features an unusual, intelligent method of transferring control to the shellcode.
Data exfiltration is a consistent tactic of these hackers, who acquire sensitive information relating to aerospace, weapons, electrical engineering, shipbuilding, and nuclear technology.