Saturday, January 25, 2025
HomeComputer SecurityAPT Hackers Targeting Windows platform to Attack Government Institutions & Corporations

APT Hackers Targeting Windows platform to Attack Government Institutions & Corporations

Published on

SIEM as a Service

Follow Us on Google News

Recent research discovered that sophisticated APT hackers group APT-C-36 targeting windows based platform to attackers Government institutes and corporate networks in Colombia.

Researchers believe that the threat actors are operating from South America using weaponized documents to targeting furthermore institutes such as the financial sector, petroleum industry, professional manufacturing, etc.

This APT group continuously targeting since April 2018 using spear-fishing email with a password protected RAR attachment to evade the security detection systems.

Researchers from 360 Threat Intelligence Center flagged almost 29 bait documents, 62 Trojan samples and multiple related malicious domains in total.

Most of the weaponized malicious documents are distributed via malspam emails with Attached MHTML macro based document.

The attachment contains the macro-enabled backdoor to gain a foothold into the target network to make it easier for later attacks.

According to 360 Threat Intelligence Center “Based upon victims’ backgrounds, the attacker is focusing on strategic-level intelligence and may also have motivations to steal business intelligence and intellectual property.”

Meanwhile, attackers masquerade as Colombian government websites also following spear-fishing emails, bait documents are used to compromising the corresponding victims.

Weaponized Malicious Docs

The attacker pretends to come from the National Directorate of Taxes and Customs:

APT hackers

Financial Institution (Banco Agrario)

  • Information and Related Email of the Attacked Institution

The Banco Agrario is a Colombian state financial institution founded in 1999 to provide banking services in the rural sectors.

APT hackers

Spoofed Colombian National Cyber Police

The bait document was spoofed from the Colombian National Cyber Police (caivirtual.policia.gov.co):

APT hackers

Attackers mainly spoofing the original sources make it looks like legitimate for example by masquerading the National Civil Registry to attack the Institute for the Blind, mimics to be the Tax and CustomsAdministration to attack companies with international trade.

In Some cases, Attachment is encrypted and the decryption password left in the body of the mail which is one of the common way that used to avoid detection.

Apart from these attackers using VPN, Proxy to hide their IP address before sending the mail and the real IP will not be visible.

Once the Malicious files get executed then the copied file saved in
the %AppData% directory to save the encrypted log, network information, and system information and finally collected data will be uploaded into C2 server.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offered IoT Botnet as Service “TheMoon” : Botnet-as-a-Service

Mac Malware Steals Cookies & saved Passwords when Users Visiting Crypto Exchange Service Websites

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...