Channel Futures

MSSP Insider

China Cyberattack

FBI Warns MSPs of Cyberattacks from China

  • Written by Frank J. Ohlhorst
  • January 11, 2019
A notorious Chinese malicious hacker group is stealing customer data. MSPs, be on alert.

The FBI has updated its warning about the Chinese hacking group APT10 and wants help from victims to better identify the attack vectors in use.

Unfortunately, due to the government shutdown, the FBI hasn’t been able to widely publicize the latest alerts. Alert Number AB-000102-MW, dated Jan. 2, can’t be found on the FBI’s Cyber Crime website, indicating that far too few MSPs are aware of the problem.

The alert outlines the latest intelligence available on the activities of the Chinese group known within the private sector as APT10, Cloud Hopper, menuPass, Stone Panda, Red Apollo, CVNX and POTASSIUM. This group heavily targets managed service providers (MSPs) that provide cloud computing services, MSPs’ commercial and governmental clients, and defense contractors and governmental entities.

Powersolution.com’s David Ruchman

“The FBI provides several recommended mitigation measures to be taken within the first 72 hours of detection, along with others, such as patch management, to be performed routinely in advance of incident detection,” said David Ruchman, chief technology officer at Powersolution.com, a New Jersey-based managed services provider.

But those mitigation measures are only a starting point.

“We believe best practices should be focused on the preventive measures, in addition to the remediation efforts after an intrusion,” Ruchman added. “Such measures include implementing standards and controls such as NIST, SANS and CIS. In addition, supporting IT infrastructures with highly qualified and trained IT security personnel is imperative.”

APT10 utilizes several components to compromise and navigate through target networks:

  • REDLEAVES: This component is a Remote Access Trojan (RAT) that operates primarily in memory to evade detection. Basic REDLEAVES functionality includes victim system enumeration, file search and deletion, screenshots, and data transmission. It uses a command-and-control (C2) channel that operates over HTTP/HTTPS on ports 53, 80, 443 and 995.
  • UPPERCUT/ANEL: This is a backdoor Trojan used in spearphishing campaigns to deploy second-stage payloads such as credential harvesters. UPPERCUT is reported to be deployed using decoy Microsoft Word documents that contain Visual Basic macros to download further components. It’s also known to contain exploits for the CVE-2017-8759 and CVE-2017-1182 vulnerabilities.
  • CHCHES: This component is a RAT that communicates with C2 servers using HTTP Cookie headers. The primary method of compromise is reported to be spearphishing. The executable disguises itself as a Word document by using that program’s icon. CHCHES initially collects the victim computer’s hostname, process identifier (PID), current working directory (%TEMP%), screen resolution, and kernel32.dll or explorer.exe version. This information is sent back to the attacker via the cookie-based C2 infrastructure.
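As an added illustration (not code from the article or from the FBI alert), the Python sketch below turns two of the traits listed above into log-review heuristics a defender could run over web-proxy logs: HTTP traffic to ports such as 53 and 995, and Cookie headers carrying long, random-looking values. The log format, the sample lines, the port list and the entropy thresholds are all constructed assumptions; they are starting points to tune, not indicators from the alert.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample proxy log lines (not real telemetry). Field order assumed:
# timestamp client_ip dest_host dest_port method path "cookie-header" ("-" = none)
SAMPLE_LOGS = [
    '2019-01-02T10:00:01Z 10.0.0.5 intranet.example.local 80 GET /index.html "session=abc123"',
    '2019-01-02T10:00:07Z 10.0.0.5 203.0.113.10 53 POST /update.php "id=QWxhZGRpbjpvcGVuIHNlc2FtZQ=="',
    '2019-01-02T10:00:09Z 10.0.0.7 203.0.113.10 995 GET /img/logo.png "-"',
    '2019-01-02T10:00:12Z 10.0.0.9 198.51.100.22 443 POST /api "uid=fj3Kd9a2Lm8Qz1Vb7Xc4Rn6Tw0Yp5Hs2Gk8Dq1Eu3Ia9Ob4Jc7Lf0Mx"',
]

# HTTP on the DNS (53) or POP3S (995) port is rare for ordinary browsing; the article
# names both among the ports REDLEAVES C2 has used. Ports 80 and 443 are normal web
# ports and would bury a port rule in noise, so they are deliberately left out.
UNUSUAL_HTTP_PORTS = {53, 995}

# Heuristic thresholds (assumptions to tune per environment): a cookie value this long
# and this random-looking is more likely smuggled data than a session identifier.
MIN_SUSPECT_COOKIE_LEN = 32
MIN_SUSPECT_ENTROPY = 4.0

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d+) (\S+) (\S+) "([^"]*)"$')


def shannon_entropy(text: str) -> float:
    """Bits per character of `text`; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def parse_line(line: str) -> Optional[Dict]:
    """Split one log line into fields; return None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, host, port, method, path, cookie = m.groups()
    return {"ts": ts, "src": src, "host": host, "port": int(port),
            "method": method, "path": path,
            "cookie": None if cookie == "-" else cookie}


def cookie_values(cookie: str) -> List[str]:
    """Extract the values from a 'k=v; k2=v2' Cookie header."""
    values = []
    for part in cookie.split(";"):
        part = part.strip()
        if "=" in part:
            values.append(part.split("=", 1)[1])
    return values


def flag_record(rec: Dict) -> List[str]:
    """Return the list of heuristic reasons a record looks suspicious (empty if clean)."""
    reasons = []
    if rec["port"] in UNUSUAL_HTTP_PORTS:
        reasons.append(f"http-on-unusual-port:{rec['port']}")
    if rec["cookie"]:
        for value in cookie_values(rec["cookie"]):
            if (len(value) >= MIN_SUSPECT_COOKIE_LEN
                    and shannon_entropy(value) >= MIN_SUSPECT_ENTROPY):
                reasons.append("high-entropy-cookie")
                break
    return reasons


def scan_logs(lines: List[str]) -> List[Dict]:
    """Run both heuristics over the lines and return one alert per flagged record."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = flag_record(rec)
        if reasons:
            alerts.append({"src": rec["src"], "host": rec["host"],
                           "port": rec["port"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS):
        print(f"{alert['src']} -> {alert['host']}:{alert['port']}  {', '.join(alert['reasons'])}")
```

Neither rule is proof of compromise on its own; the point is to surface records for an analyst to review, which is why each alert carries its reasons rather than a verdict. A real deployment would whitelist known services that legitimately use these ports and calibrate the cookie thresholds against a baseline of the organisation's own traffic.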

The FBI says any activity related to APT10 detected on a network should be considered an indication of a compromise requiring extensive mitigation and a call to law enforcement.

Powersolution.com’s Abdul Hammad

However, the APT10 attacks are only the beginning.

“Early last year, we noticed an uptick in cyberespionage campaigns from other countries,” said Abdul Hammad, Powersolution.com’s CISO. “This resulted in a heightened awareness of potential exploits by cybercriminals, which has been reinforced with the recent FBI APT 10 FLASH report.”

Perhaps one of the most troubling aspects of the APT10 attacks is how …

Tags: MSPs MSSP Insider Network