APT Hackers for Hire Used for Industrial Espionage

Bitdefender recently investigated an APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and South Korean-based C&C infrastructure.
The targeted company is known to have been collaborating in billion-dollar real estate projects in New York, London, Australia, and Oman. The sophistication of the attack reveals that the APT-style group had prior knowledge of the company’s security systems and used software applications, carefully planning their attack to infiltrate the company and exfiltrate data undetected.
During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target.
Industrial espionage is nothing new, and, since the real estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects. This could justify turning to mercenary APT groups for gaining a negotiation advantage.
Key Findings:
• Potential APT mercenary group used for industrial cyberespionage
• Industrial espionage for competitiveness in the real estate industry
• Malicious payload posing as a plugin for a popular 3D computer graphics software (Autodesk 3ds Max)
• Payload tested against the company’s security solution to avoid detection upon delivery
• C2 infrastructure based in South Korea
For more detailed information about the investigation, please check out the full paper below:
tags
Author
Right now
Top posts
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
November 08, 2021
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
September 16, 2021
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021