Chinese VPN Service as Approach Stage?
Hardly a week goes by without a news story about state-sponsored Chinese cyberspies breaking into Fortune 500 firms to steal private data, intellectual property and other priceless assets. Now, researchers say they have unearthed evidence that a number of the same Chinese hackers have also been selling access to compromised computers within those businesses to help perpetrate future breaches.
The so-called “Great Firewall of China” is an attempt by the Chinese authorities to block citizens from accessing particular content and Web sites that the government has deemed objectionable.
Security pros at RSA Research say they have identified an archipelago of Chinese-language virtual private network (VPN) services advertised to Chinese online gamers and people wanting to evade censorship, but which also seem to be used as an active platform for launching attacks on non-Chinese corporations while obscuring the attackers' origins.
The hacker group believed to be using Terracotta to launch and conceal attacks is known by several code names, including “Shell_Team” and “Deep Panda.” Security specialists have linked this Chinese espionage gang to a number of the biggest data breaches in U.S. history, including the recent assault on the U.S. Office of Personnel Management, as well as the breaches at U.S. health care insurance companies Anthem and Premera.
Many of these locations seem to be little more than servers at Internet providers in Japan, Korea, America and elsewhere that offer low-cost virtual private servers.
The report steps through a forensic investigation that RSA ran on one of the compromised VPN systems, tracing each step the intruders took to break into the server and ultimately enlist the system as part of the Terracotta VPN network.
“All of the endangered systems, supported through casualty-communicating by RSA Research, are Windows servers,” the firm wrote. “RSA Research supposes that Terracotta is targeting vulnerable Windows servers because this system contains VPN services which can be configured immediately (in an issue of seconds).”
RSA says suspected nation-state actors have leveraged at least 52 Terracotta VPN nodes against sensitive targets among Western commercial and government organizations. The company said it received a specific report from a big defense contractor concerning 27 distinct Terracotta VPN node Internet addresses that were used to send phishing e-mails targeting users within its organization.
“Out of the thirteen distinct IP addresses used in this effort against this one (APT) goal, eleven (85%) were correlated with Terracotta VPN nodes,” RSA wrote of one cyber-espionage campaign it investigated. “Maybe one of the advantages of utilizing Terracotta for Advanced Risk Performers is that their espionage connected network traffic can mix-in with ‘otherwise-valid’ VPN traffic.”