Some of the best stories about cyberattacks are the ones with a happily ever after – when the cyber criminal is caught. That is the recent case with APT20, a group responsible for a recent string of cyberattacks and connected to the Chinese government, ZDNet reports.
Fox-IT, a Dutch cyber-security firm, published a report last week linking APT20 to multiple cyberattacks on government entities and managed service providers, spanning the healthcare, finance, insurance and energy sectors. According to the report, APT20 has been conducting these attacks over the past two years, using web services and network weak spots as points of entry into its targets’ systems, ZDNet says. Once inside, the hackers installed web shells and “then spread laterally through a victim’s internal systems,” dumping passwords and searching for ways to access more secure areas of the network.
APT20 succeeded in breaking into these networks because it used “legitimate tools on hacked devices” in lieu of its own malware, which would have been detected. As a result, the group was able to hack “under the radar.”
Not So Smooth Criminal
According to Fox-IT’s report, APT20’s two-year hacking run ended when the group was called on to help one of the hacked companies investigate the attacks. Fox-IT said that APT20’s case is a good example of the lengths hackers will go to in order to get the information they are after (in APT20’s case, they were potentially looking for information to help the Chinese government commit espionage). Finally, APT20’s case also demonstrates why companies, governments, and other organizations should revisit and revamp their cybersecurity strategies regularly. Doing so will help decision makers protect their sensitive information and give them the means to write a happy ending to their own cybersecurity story.