1 min read

APT Hackers for Hire Used for Industrial Espionage

Liviu ARSENE

August 20, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
APT Hackers for Hire Used for Industrial Espionage

Bitdefender recently investigated an APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and South Korean-based C&C infrastructure.

The targeted company is known to have been collaborating in billion-dollar real estate projects in New York, London, Australia, and Oman. The sophistication of the attack reveals that the APT-style group had prior knowledge of the company’s security systems and used software applications, carefully planning their attack to infiltrate the company and exfiltrate data undetected.

During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target.

Industrial espionage is nothing new, and, since the real estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects. This could justify turning to mercenary APT groups for gaining a negotiation advantage.

Key Findings:

•    Potential APT mercenary group used for industrial cyberespionage
•    Industrial espionage for competitiveness in the real estate industry
•    Malicious payload posing as a plugin for a popular 3D computer graphics software (Autodesk 3ds Max)
•    Payload tested against the company’s security solution to avoid detection upon delivery
•    C2 infrastructure based in South Korea

For more detailed information about the investigation, please check out the full paper below:

Download the whitepaper

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read