A group of Chinese hackers has caused chaos for government organizations in several countries over the past three years, a new report reveals. The group, called Calypso APT (APT standing for Advanced Persistent Threat), has been active since 2016. According to the corporate security company Positive Technologies, which discovered it, the group targets state institutions in India, Brazil, Kazakhstan, Russia, Thailand and Turkey.
How do Calypso APT's attacks work?
The attacks worked by breaching the perimeter of an organization's systems, then using utilities and malware to gain access to the internal network. Once inside, the hackers could move laterally through the network in two ways: by exploiting remote code execution vulnerabilities or by using stolen credentials.
With this method, the group was able to successfully compromise government organizations in all of the targeted countries. Positive Technologies attributed the group's success to its use of widely available public tools: “These attacks were successful because most of the utilities the group uses to move around the network are widely used by experts everywhere for network administration. The group used publicly available utilities and exploitation tools like SysInternals, Mimikatz, EternalBlue and EternalRomance.”
Positive Technologies believes that Calypso APT is Chinese-speaking because of its use of the PlugX malware, a favorite tool among Chinese groups, as well as the Byeby Trojan. In addition, the company discovered some real IP addresses of the hackers that were tied to Chinese providers.