According to reports from security researchers at
Blackberry, there has been a hacking campaign going on against vulnerable open-source
servers for almost ten years. The hackers have been operating successfully
throughout these periods until they were discovered recently.
The researchers said the hackers are likely from China, as they have been exploiting Linux Server vulnerabilities without being noticed for several years now.
They said the hacking syndicates, who are sponsored by the Chinese government , are carrying out cyber espionage against different industries in different countries. The purpose is for data collection and intellectual property theft.
Although the expansive campaign of the group is on
multi-platform, the researchers recently uncovered part of the group that
exploits Linux vulnerabilities since 2012. Since then, the attackers have not
updated their operational methods, the researchers report.
Blackberry’s chief product architect, Eric Cornelius, said although the attack was recently discovered, this hacking syndicate has been operational for many years. According to him, “A lot of these tool-sets go back to 2012 and 2013 which is a ridiculous amount of time for an adversary.”
A rational explanation of why this has gone under the radar
for many years is the fact that security firms do not concentrate much on Linux
since it’s not a user-friendly platform.
As a result, the hackers have taken advantage of the
security expressway they got to steal intellectual property from several
servers for many years.
Cornelius said it’s important to have the servers up and
running at all times, so the attackers decided it was best to use a pervasive
tool on a machine that will be turned on at all times.
The Blackberry researchers reiterated that the attacking
syndicates scanned for Red Hat Enterprise, Ubuntu and CentOS environments
across different industries, and attempted to identify vulnerable servers.
Afterward, they decided to set up persistence on the servers using malware.
Apart from having access to sensitive data and information , the attackers were able to infect the servers themselves. They also created a backdoor on the servers, allowing them to freely attack whenever they desire, as long as no one discovers the vulnerability.
And when the servers are compromised, it will be easier to
infiltrate the data, with the transfer from command-and-control servers seen as
web traffic, according to the Blackberry researchers.
These attackers did not try to hack into the servers, but
they were penetrating the systems gently and step-by-step to avoid any
detection from any security firm. That is why they were able to keep the
campaign operational for this long.
If they’ve been ransoming or encrypting these machines, they would have been caught and responses will follow. However, since there wasn’t any damage to the systems and servers, the attackers were able to prevent any suspect.
According to Cornelius, this act shows that they were prepared
with sophisticated tools to keep operating for many years.
When bad actors are very careful to cover their tracks,
they could mistakenly leave behind some clues that will fetch them out.
Throughout their operations over the years, these hackers left little that can
get them caught, but it seemed the little they left behind was enough for the
Blackberry researchers.
Blackberry said these hackers, while using their tools, got
a bit sloppy in their operation, leaving a gap that allowed the researchers to detect
them. The lack of operational security allowed Blackberry to correlate a
relationship linking the attackers to the operation.
Blackberry’s research lined the hacking campaign to Winnti,
a Chinese hacking syndicate that operates across different groups. The
syndicate makes use of civilian contractors for government-backed hacking
operations.
Cornelius said it’s likely that the hackers are still operational. But the best way to stay protected is to make sure operating systems and servers are updated so that they can’t take advantage of old vulnerabilities . He said users need to secure protection in multiple fronts like Macs, Linux, Mobile, and Windows if they want to avoid being victims of cyberattacks.
buy ccs online buy credit card dumps online
