      Chimera [China]
Names: Chimera (CyCraft)
Country: China
Motivation: Information theft and espionage
First seen: 2018

Description: (CyCraft) For nearly two years, our team monitored several attacks that targeted Taiwan’s semiconductor vendors. We believe these attacks originated from the same threat actor – Chimera – as these attacks utilized similar tactics, techniques and even the same customized malware. The actor likely harvested various valid credentials via phishing emails or data breaches as their starting point to conduct their cyber attack on the vendors. Cobalt Strike was later used as their main RAT tool. To avoid detection, the Cobalt Strike RAT was often masqueraded as a Google Chrome Update. The RAT would then connect back to their C2 server. As these servers were in a public cloud server, it made it difficult to track. Subsequently, by compromising the AD server, the delicate malware – SkeletonKeyInjector – was invoked to implant a general key to allow LM, persistence and defense evasion. Although this malware was discovered for the first time, we have high confidence that these attacks were conducted by the same threat actor. Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets. The motive may be related to business competition or a country’s industrial strategy.

Observed:
Sectors: Aviation, High-Tech.
Countries: Netherlands, Taiwan and different geographical areas.

Tools used: Cobalt Strike, SkeletonKeyInjector.

Operations performed:
Late 2017: Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
Late 2018: Operation “Skeleton Key”
Oct 2019: NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry.

Information: MITRE ATT&CK
Last change to this card: 30 November 2023
 