APT Hackers for Hire Used for Industrial Espionage

Bitdefender recently investigated an APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and South Korean-based C&C infrastructure.

The targeted company is known to have been collaborating in billion-dollar real estate projects in New York, London, Australia, and Oman. The sophistication of the attack reveals that the APT-style group had prior knowledge of the company’s security systems and used software applications, carefully planning their attack to infiltrate the company and exfiltrate data undetected.

During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target.

Industrial espionage is nothing new, and, since the real estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects. This could justify turning to mercenary APT groups for gaining a negotiation advantage.

Key Findings:

•    Potential APT mercenary group used for industrial cyberespionage
•    Industrial espionage for competitiveness in the real estate industry
•    Malicious payload posing as a plugin for a popular 3D computer graphics software (Autodesk 3ds Max)
•    Payload tested against the company’s security solution to avoid detection upon delivery
•    C2 infrastructure based in South Korea

For more detailed information about the investigation, please check out the full paper below:

Download the whitepaper