TeamT5 is a leading APT intelligence provider in the Asia & Pacific region. TeamT5 shared our research in the Black Hat Asia 2022. In this seminar, TeamT5 pointed out China-nexus APT groups who launched massive attacks against the online entertainment business in the APAC region.
Charles Li (Chief Analyst) and Che Chang (Cyber Threat Analyst) from TeamT5 pointed out these attacks are not only money-driven, they also collect data from victim companies. The motives are closely aligned with the national interests of the Chinese government.
The Chinese government has put significant pressure on the online entertainment industry. It freezes gaming licenses from Sept 2021 to Apr 2022. It crackdown on Macau gambling industry and forced gamblers to move online. During the time of pandemic, online gambling skyrocketed.
China-nexus APT groups' attacks on online entertainment business might be one of the crackdown moves by the Chinese government. Previously, many cases were believed to be financially-motivated attacks because of the usage of ransomware. However, based on TeamT5’s observation in the past few years, APT attacks against online entertainment companies are also driven by espionage purposes.
These threat groups use various tactics, techniques, and procedures (TTPs). For example, they collect info in recruiting websites or forums. Then, they conduct spear phishing which targets customer supporting teams. The content of the phishing email is complaining about system issues and asking team staff to open attachments. Another way is phishing via social network platforms by crafting profiles and approaching sales, ITs, RDs in the targeting companies.
These threat groups also exploit vulnerabilities of exchange server, VPN server, browser, web, or NAS to compromise the targeting companies. Supply chain attack is another way they use. By compromising the ERP system or official website, they’re able to fulfill their goals.
In the process, some threat groups modify specific weapons to attack online entertainment industry (e.g. SLIME 29). For Amoeba (a.k.a APT41), they use the same weapons that have been used to attack other industries but they developed proprietary tools for maintaining. Others didn’t develop tailored weapons to attack the online entertainment industry (e.g. TianWu、Greedy Taotie、SLIME34).
Dissecting the current TTPs is merely the first step. TeamT5 urges organizations to start the threat intelligence cycle and have tailored & accurate threat intelligence.
About Black Hat Asia
Black Hat is the world’s leading information security event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is an Black Hat extended event which is held in Singapore annually.
BlackHat's Talk: Breaking Samsung's Root of Trust - Exploiting Samsung Secure Boot
vulnerability research , D39, Black Hat, cyber threat intelligence, threat hunting
【Black Hat Asia 2022】New Trend of Modular Backdoor and APT Attacks, TeamT5 Researchers Publish Analysis at Black Hat Asia
threat hunting, cyber threat intelligence