News | 05/14/2018

Chinese Hackers Part of Massive Government Group (TRENDING NEWS)


According to experts, hacks dating back to 2009 that were thought to be the work of individual groups have actually been coordinated by China.

Hackers in China are part of massive government group, the report says

There’s an English proverb that goes like this: “One arrow is easily broken, but many arrows are indestructible.”

According to the threat research group 401TRG at Denver-based security company ProtectWise, many hacking groups in China earlier thought to be individual hackers are actually part of a much larger, long-tailed, state-sponsored group.


The Winnti umbrella is an "advanced and potent threat" with a primary long-term mission that is politically focused, 401TRG warns in a report released last week. Winnti refers to a "custom backdoor used by groups under the umbrella".

Hacking activities are nothing new in China. The Chinese government lied about belatedly informing the Chinese public of security flaws in order to hide exploits it was likely using in attacks, according to a report earlier this year from the security company Recorded Future.




The state-sponsored campaigns stretch back to 2009, with some reports of potential activity as far back as 2007, 401TRG said. These include some highly visible operations uncovered by Kaspersky Lab in 2013 and Trend Micro in 2017, as well as attacks targeting journalists reported by the Citizen Lab.


People working for the group typically begin by phishing users who might provide a way into the target network, according to the report.

Data is then harvested using malware, though "campaign themes have matured" this year with "code signing certificates and software manipulation" becoming more popular.

"Gaming studios and high-tech businesses" in Japan, China, the US, and South Korea have been the group's major targets.


While Winnti umbrella attackers generally use their own command-and-control servers to cloak their actual location, 401TRG says, on rare occasions they have made "chaotic" mistakes that provide evidence of their Chinese origins. In these cases, they "mistakenly" accessed machines using IP addresses linked to a China Unicom network in the Xicheng District of Beijing.

The group continues to function, the report said.

 
