Report on Advanced Persistent Threat

Added on  2022-09-01

Report on APT 32
NAME
COURSE
INSTITUTION

Introduction
An Advanced Persistent Threat (APT) is a security attack that targets the networks of organizations such as companies and states; the attackers stay inside the network for a long time in order to extract the highly sensitive data held in it. Most such attacks are sponsored by large organizations or even states. APT actors are very organized hackers: they break into the system unnoticed, monitor all the operations of the organization or state, and do not quit until they have obtained all the data they were aiming to fetch. In most cases APT groups are hired by the competitors of a company or a country to spy on it, so that the sponsor can identify its strategies and plans and use that information to counter it. The aim of this report is to analyze APT32. It covers all the information related to APT32: whom it is attributed to, the types of malware used by the APT, and how the APT works.
(a) Who is APT32 attributed to and how was this information determined?
APT32 is a group of hackers who are believed to be linked to the Vietnamese state and who spy on the secrets of foreign states and some private companies. They are highly trained hackers who use highly sophisticated software to gain access to a system and spy on all the activities inside the company or state without being noticed. APT32 is believed to use malware that cannot easily be identified as an intruder in a network. This kind of network attack is dangerous and can lead to a large loss of data for a company or state. The attackers cannot easily be traced to their origin, which leaves them operating freely around the globe. Since APT32 attacks a network quietly without being noticed, the question arises: how was the information about APT32 determined? According to research by FireEye, its intelligence teams, including FireEye as a Service (FaaS), FireEye iSIGHT Intelligence and FireEye product engineering, managed to unmask the operations of APT32, which targeted private-sector company operations in Southeast Asia (Carr, 2017).
(b) Who is the APT32 targeted towards and how was the information determined?
A number of cases have been reported of attacks using malware traced to the APT32 group, which also goes by the nickname OceanLotus. This group of hackers began its operations in 2012 and, since then, many cases of its malware attacks have been reported both locally and internationally. FireEye, which is an organization that was established to protect the community against attacks from APT32, has been working with its intelligence team and has found the cases below to be linked to APT32. The attacks were aimed at the manufacturing, security network, media, consumer products, banking, information infrastructure and hospitality industries, and specifically at those companies and corporations interested in extending their operations into Vietnamese territory. APT32 also has an interest in political targets and foreign governments (Carr, 2017).
According to security intelligence from agencies such as FireEye, which constantly investigate cases of security threats to their clients, those clients had been constantly attacked by APT32; the reason or motive behind the attacks has not been clearly stated, because there are no traces of the motives or leads to them. However, according to the hypotheses on the APT32 attacks, it was established that all the targets had projects or issues with the Vietnamese state. This leaves a lot of questions unanswered about why and how Vietnam could engage such a notorious group of attackers to access information. The information about APT32 was found through deep analysis and investigation of the systems of the attacked targets.

What types of malware are part of the APT32 and what does each malware do?
Malware is software designed by cyber attackers mainly to launch attacks on computers, servers, clients and computer networks. APT32 has highly sophisticated malware with ever-evolving technology, driven by constant improvements in technology. The group is known for using phishing to launch its attacks, for example malicious emails, links and documents; when these are clicked by a user in any organization, state or company, the malware is launched and gains access to the system, where it may take full control of it or stay hidden while watching the operations inside the system.
Some malware families have been used constantly by the APT32 group in their attacks: WINDSHIELD, KOMPROGO, SOUNDBITE, BEACON and PHOREAL. These are very complex and well-organized pieces of malware that exploit any weakness in the victim's system and gain access to it without being noticed by employees (Rauti & Leppänen, 2017).
WINDSHIELD
Once phishing has succeeded, APT32 uses WINDSHIELD to attack the victim in a very unusual way, such that the victim never notices. The main reasons why they use this malware in most instances are the following:
It has been established that the WINDSHIELD malware performs command and control (C2) communications over raw Transmission Control Protocol (TCP) sockets. It also has four configured command and control servers, one of which is chosen at random, which enhances the speed of its operation during an attack. Another feature of WINDSHIELD is its capability to manipulate the registry and give access to the intruder. This malware can also gather all
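The random selection among a few configured C2 servers described above leaves a footprint a defender can look for in outbound-connection telemetry: one process repeatedly connecting to a small, fixed set of external endpoints, each of them reused. The following Python script is an added example and is not part of the report, nor derived from FireEye's analysis or any WINDSHIELD sample. The log format, the function names, the internal address ranges, the thresholds and the sample log lines (which use documentation addresses, not real indicators) are all constructed assumptions.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines in an assumed format:
#   <timestamp> <process> <pid> <dst_ip>:<dst_port>
# Addresses come from documentation ranges (RFC 5737); they are not indicators.
SAMPLE_LOG = """\
2022-08-31T09:00:01 chrome.exe 4120 198.51.100.7:443
2022-08-31T09:00:02 chrome.exe 4120 198.51.100.8:443
2022-08-31T09:00:03 chrome.exe 4120 198.51.100.9:443
2022-08-31T09:00:04 chrome.exe 4120 198.51.100.10:443
2022-08-31T09:00:05 chrome.exe 4120 198.51.100.11:443
2022-08-31T09:00:06 chrome.exe 4120 198.51.100.12:443
2022-08-31T09:00:10 svchost.exe 880 10.0.0.5:445
2022-08-31T09:00:20 svchost.exe 880 10.0.0.5:445
2022-08-31T09:01:00 updater.exe 2211 203.0.113.1:8080
2022-08-31T09:02:00 updater.exe 2211 203.0.113.3:8080
2022-08-31T09:03:00 updater.exe 2211 203.0.113.2:8080
2022-08-31T09:04:00 updater.exe 2211 203.0.113.1:8080
2022-08-31T09:05:00 updater.exe 2211 203.0.113.4:8080
2022-08-31T09:06:00 updater.exe 2211 203.0.113.3:8080
2022-08-31T09:07:00 updater.exe 2211 203.0.113.2:8080
2022-08-31T09:08:00 updater.exe 2211 203.0.113.4:8080
"""

# Assumed internal ranges; anything else is treated as an external destination.
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse the assumed log format into (process, pid, dst_ip, dst_port) tuples.
    Malformed lines are skipped so one bad record does not abort a scan."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[3]:
            continue
        ip, _, port = parts[3].rpartition(":")
        try:
            records.append((parts[1], int(parts[2]), ip_address(ip), int(port)))
        except ValueError:
            continue
    return records


def find_rotating_beacons(records, min_connections=6, max_destinations=4):
    """Flag processes whose external traffic is spread over a small fixed set of
    endpoints, each reused: the pattern an implant produces when it picks one of
    a few configured C2 servers at random for every connection.
    Returns {(process, pid): sorted list of 'ip:port'} for flagged processes."""
    per_proc = defaultdict(Counter)
    for proc, pid, ip, port in records:
        if is_internal(ip):
            continue                         # internal traffic is out of scope here
        per_proc[(proc, pid)][f"{ip}:{port}"] += 1
    flagged = {}
    for key, dests in per_proc.items():
        if sum(dests.values()) < min_connections:
            continue                         # too little traffic to call it a pattern
        if not 2 <= len(dests) <= max_destinations:
            continue                         # browsers fan out widely; a single host needs a different rule
        if min(dests.values()) < 2:
            continue                         # each configured server should be reused
        flagged[key] = sorted(dests)
    return flagged


def scan(text):
    """Convenience wrapper: parse then detect, using the assumed thresholds."""
    return find_rotating_beacons(parse_log(text))


if __name__ == "__main__":
    for (proc, pid), dests in scan(SAMPLE_LOG).items():
        print(f"{proc} (pid {pid}) rotates among {len(dests)} fixed external endpoints: {', '.join(dests)}")
```

On the constructed sample the browser is not flagged because it fans out to six distinct hosts, the internal file-share traffic is ignored, and the process cycling through four reused external endpoints is reported. The heuristic works on host-level connection logs, so it says nothing about whether raw sockets were used; a process beaconing to a single host is a separate, simpler rule.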
