Security experts have identified a Chinese hacking group which has stolen confidential information by attacking government organisations in six countries, including India.
Government organisations in India, Brazil, Kazakhstan, Russia, Thailand and Turkey suffered damage as a result of the attacks.
The Calypso APT (or Advanced Persistent Threat) group has been active since 2016, Engadget reported.
To get access to the victim’s internal network, the attackers hack the network perimeter and inject a special programme which gave them, the investigation by Positive Technologies found.
The investigation revealed that the attackers moved laterally through the network either by exploiting the MS17-010 remote code execution vulnerability or by using stolen credentials.
“These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration,” Denis Kuvshinov, Lead Specialist in Threat Analysis at Positive Technologies, said in a statement.
“The group used publicly available utilities and exploit tools, such as SysInternals, Mimikatz, EternalBlue, and EternalRomance. Using these widely available tools, the attackers infected computers on the organisation’s LAN (local area network) and stole confidential data,” Kuvshinov said.
According to the experts at Positive Technologies, organisations can prevent such attacks by using specialised systems for deep traffic analysis.
These systems make it possible to detect suspicious activity at the early stages of the attackers’ incursion into the LAN, and so prevent the hackers from gaining a foothold in the company infrastructure.
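The lateral movement described above, whether through MS17-010 exploitation or reuse of stolen credentials, produces a recognisable traffic pattern: one internal host opening SMB (TCP/445) sessions to many distinct internal peers in a short time. The following detector is an added illustration, not code from the article or from Positive Technologies, of how a traffic-analysis system could flag that pattern. The flow records, the 10.0.0.0/8 address plan, the threshold of five peers and the five-minute window are all constructed assumptions for the example.

```python
"""Minimal SMB fan-out detector over constructed connection records.

Added example (not from the article or Positive Technologies): flags an
internal host that opens SMB (TCP/445) connections to many distinct internal
peers within a short window, the on-the-wire shape of lateral movement via
MS17-010 exploitation or credential reuse across a LAN.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample flows: (timestamp, source, destination, destination port).
SAMPLE_FLOWS = [
    ("2019-10-31T09:00:01", "10.0.1.20", "10.0.1.5", 445),
    ("2019-10-31T09:00:03", "10.0.1.20", "10.0.1.6", 445),
    ("2019-10-31T09:00:04", "10.0.1.20", "10.0.1.7", 445),
    ("2019-10-31T09:00:06", "10.0.1.20", "10.0.1.8", 445),
    ("2019-10-31T09:00:09", "10.0.1.20", "10.0.1.9", 445),
    ("2019-10-31T09:00:10", "10.0.1.20", "10.0.1.10", 445),
    ("2019-10-31T09:01:00", "10.0.1.30", "10.0.1.5", 445),        # ordinary file-share use
    ("2019-10-31T09:30:00", "10.0.1.30", "10.0.1.6", 445),        # far outside the window
    ("2019-10-31T09:02:00", "10.0.1.40", "93.184.216.34", 443),   # outbound web, ignored
]

# Assumed internal address ranges (RFC 1918); adjust to the real address plan.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]


def is_internal(addr):
    """True if the address falls inside one of the internal ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def detect_smb_fanout(flows, threshold=5, window=timedelta(minutes=5)):
    """Return {source: sorted distinct destinations} for every internal source
    that reached at least `threshold` distinct internal hosts on TCP/445 within
    any sliding window of length `window`."""
    flows = sorted(flows, key=lambda f: f[0])   # ISO timestamps sort chronologically
    recent = defaultdict(deque)                  # source -> deque of (ts, dst) in window
    alerts = {}
    for ts_str, src, dst, dport in flows:
        # Only internal-to-internal SMB is relevant to lateral movement here.
        if dport != 445 or not (is_internal(src) and is_internal(dst)):
            continue
        ts = datetime.fromisoformat(ts_str)
        q = recent[src]
        q.append((ts, dst))
        # Drop entries that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) >= threshold:
            # Keep accumulating peers seen across successive alerts for this source.
            alerts[src] = sorted(targets | set(alerts.get(src, [])))
    return alerts


if __name__ == "__main__":
    for src, peers in detect_smb_fanout(SAMPLE_FLOWS).items():
        print(f"ALERT: {src} reached {len(peers)} internal hosts on 445: {', '.join(peers)}")
```

On the constructed data, 10.0.1.20 is reported after its fifth distinct peer inside five minutes, while 10.0.1.30 (two shares, half an hour apart) and the outbound HTTPS flow are ignored. In a real deployment the threshold and window would be tuned against a baseline of legitimate administration traffic, since, as the article notes, the same tools and protocols are used by administrators every day.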