Wednesday 5 November 2014

Researchers Identified Sophisticated Chinese Cyber Espionage Team

Collaboration between various security firms has thwarted one of the biggest and most sophisticated cyber espionage crews, called Axiom, which is thought to be linked to China. The Axiom threat actor group mostly targeted NGOs and pro-democracy groups, along with other individuals who are perceived as potential threats to China.

The Axiom Group

The group mostly targets pro-democracy NGOs in Asia and also conducts industrial espionage against organizations with influence over energy and environmental policy. Also on the list are IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly used phishing attacks and malware to get the job done. The typical attack looks, yet again, like a state-sponsored one. Their prime tool is Hikit, linked to an attack referred to as the DeputyDog attack, which famously used an IE zero-day bug to attack mostly Asian firms.

The group seems to work relatively quietly and is thought to be more heavily funded than, say, the APT1 crew (Shanghai based and PLA affiliated). According to Novetta, the group has been active for 6 years, is highly disciplined and is well-resourced. The suspicion that the Chinese government is involved is most certainly true.

The Collaboration and Solution

The attacks did not go unnoticed, however, and sooner rather than later security firms started collaborating to bring the group down. The coalition of partners is led by Novetta along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Via Microsoft's coordinated malware removal campaign, the coalition took its first public action, called Operation SMN.

Axiom tool installations have been removed from over 43k machines. Among them, 180 were clear examples of Hikit, the last-stage persistence and data exfiltration tool that marks the peak of the Axiom victim lifecycle. This was perhaps the first effort of its kind by security firms to fight off potentially deadly state-sponsored threats to the whole world.

The Diplomacy

China has clearly denied any involvement in Axiom. According to a Chinese Embassy spokesman, such allegations, judging from the past, are fictitious, and China has itself been on the wrong end of cyber espionage, according to the Snowden revelations.

With 2 weeks to go before President Barack Obama visits Beijing, cyber security will be a high-priority item on the agenda. Washington has previously tried hard to pressure China over possible state-sponsored cyber warfare against the US but has failed to sustain that pressure after the Snowden revelations.

Novetta, however, hopes that the example set by the coalition will be followed in future to fight cyber terrorism. Still, it would be very foolish to think that Axiom is gone for good. The operation was more of a remediation than a knock-out blow, and chances are that Axiom will be back soon, though probably with different tools and strategies this time around.

The coalition has amassed a great deal of technical data about the threat and its workings, which will help in fighting such groups in future.
