A cyber-espionage group long regarded as a foreign arm acting on the directives of the Chinese government has surfaced again with its latest attack. This time it targeted a UK government contractor, where the attackers are believed to have found and stolen information about British government departments as well as sensitive military technology.
The attackers are believed to have used tools that the authorities had not previously encountered. Although the malware itself is thought to be an older family, it allowed the intruders to remain inside the compromised computers for longer because they also made use of legitimate applications. Almost all of the compromised systems were found to contain these applications, a clear indication that this was a deliberate maneuver to stay undetected for as long as possible.
NCC Group, which was tasked with investigating the incident and recommending firewall measures to prevent further attacks of this kind, revealed that the intrusion appears to have been carried out by a group whose earlier attempt had been thwarted, but which succeeded this time because it used more sophisticated tools. The same tools also helped the attackers stay undetected within the network. The new malware shows that the group has developed several new techniques that let it break into systems and prolong its presence, remaining undetected for days at a time.
The group behind this attack has been identified by its distinctive codename, “APT15”. APT15 is an online espionage outfit that carries out similar attacks in other European and Western countries in order to gain access to any kind of sensitive information. Its name has come up in several other reports that describe it as a digital threat to the cyber security of these nations. Similar attacks have been carried out by groups such as Ke3chang, Mirage, Vixen Panda, GREF and Playful Dragon.
Giving specific details of the attack, the UK government contractor stated that APT15 deployed two additional backdoors, named Royal CLI and Royal DNS, to gain access to the contractor’s network.