Cyber rats attack: China's state institutions are in great danger

The "Double Alien Rat" group masterfully imitates the activity of other hackers, making it difficult to investigate.

Recently, experts from NSFOCUS's Fuying Lab discovered a large-scale cyberattack against Chinese government institutions that lasted more than 6 months. The attack was organized by a previously unknown hacker group, dubbed "Double Alien Rat" (or simply "Double Rat") by the researchers.

The group used zero-day vulnerabilities in network devices to gain access to the internal networks of government organizations and enterprises. Once inside, the attackers scanned the network for valuable data and carried out targeted attacks.

According to the researchers, the "Double Rat" demonstrates a high level of skill and awareness of the peculiarities of networks and the language environment in China. The group also actively uses disinformation methods to hide traces of its activities and simulate attacks by well-known APT groups.

The Double Rat reportedly uses three main stages of attack. At the first stage, devices accessible from the Internet are compromised through the use of zero-day vulnerabilities. Once they gain access, the attackers upload malware to the compromised devices.

At the second stage, network scanning identifies vulnerable devices already inside the victim's internal network. This stage lets the attackers evaluate the value of the available targets and choose further attack tactics.

At the third stage, hacked devices are used to send targeted phishing emails to employees of the organization, which further increases the effectiveness of the attack.

The Double Rat tactics are particularly sophisticated. The hackers try to hide traces of their activity and mislead investigators. In particular, they use tools and techniques typical of well-known APT groups such as APT29 and APT32, which lets them simulate attacks by those groups and significantly complicates attribution of the incidents.

In addition, the "Double Rat" group carefully masks its malware and removes any data that might reveal the hackers' identity.

Despite the group's advanced tactics, experts still managed to build an approximate profile of the intruders. Based on the tools and methods used, the language features, and the understanding of the specifics of China's networks, it can be assumed that this is an experienced external hacker group based in one of the Asian countries and specializing specifically in cyberattacks against China. Experts believe that the "Double Rat" activity poses a serious threat to the country's cybersecurity.

Experts urge local organizations to strengthen their protection against the exploitation of zero-day vulnerabilities and against targeted attacks, and to develop cyber incident analysis capabilities. In the future, this will help prevent large-scale APT attacks such as the "Double Rat" activity.