U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber warfare

Confidential documents from Japanese politics stolen by malware

Last December Japan Aerospace Exploration Agency was hit again by malware  that stolen secret information on newest rockets from an internal computer, it was not first time for the Japanese agency that was already victim of a cyber attack having same purpose, cyber espionage to obtain information on another technological advanced project related to the […]

Confidential documents from Japanese politics stolen by malware

Last December Japan Aerospace Exploration Agency was hit again by malware  that stolen secret information on newest rockets from an internal computer, it was not first time for the Japanese agency that was already victim of a cyber attack having same purpose, cyber espionage to obtain information on another technological advanced project related to the design of an unmanned vessel that ferries cargo to the International Space Station, the “H-2 Transfer Vehicle”.

Not only the industry is target of the offensives,  also internal politic class of the country is subject to continuous attacks, once again Japan ministry computers were infected by malware that suspected to have stolen more than 3,000 confidential documents,  many on global trade negotiations including the US-led Trans-Pacific Partnership multilateral trade pact.

The National Information Security Center of the Cabinet Secretariat traced anomalous outwards connections that used HTran tool.

Forensics experts discovered during the investigation that the attackers used “HTran” the Advanced Persistant Threat (APT) exploit kit to infect computers at country’s Ministry of Agriculture, Forestry and Fishery.

Dell’s security team reported that the authors of the malware are Chinese and it dated malware creation back to 2003, Dell Securwork post on the agent states:

“HTran (aka HUC Packet Transmit Tool) is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by “lion”, a well-known Chinese hacker and member of “HUC”, the Honker Union of China. The purpose of this type of tool is to disguise either the true source or destination of Internet traffic in the course of hacking activity.

Source code can be readily found on the Internet:

http://read.pudn.com/downloads199/sourcecode/windows/935255/htran.cpp__.htm 

The principal use for HTran is the camouflage of Command &Control (C&C) servers to hinder the discovery of the origin of the attack, so far the perpetrators of the attacks have not yet been identified.

For your information following is reported the list of the attacks that hit Japanese industries and institutions from 2011, personally I consider that the number of attacks is higher and due to the nature of the offensive many of them haven’t been discovered. These are without doubts cyber espionage operations, state-sponsored attacks, for which usually are used zero-day exploits to elude defense systems of the victims.

Many attacks were originated from China, the most active country in cyber espionage, the Elderwood project is the demonstration that groups of hackers are exploiting zero-day vulnerabilities to steal sensible information and to compromise control systems inside critical infrastructures.

 

     
Mitsubishi Heavy Industries (defense contractor) August 2011 Companies networks infected by malware that sent outside information on defense systems.
Japan’s lower house of parliament October 2011 cyber espionagecampaign originated from China exposed sensible information at least a month.The infection was possible thanks phishing campaign against Lower House member started in July. Also in this case a malware was used for the attack.
Japan Aerospace Exploration Agency January 2012 Malware infected a data terminal at Japan’s space agency stealing sensitive information including data related to H-2 Transfer Vehicle
The Japanese Finance Ministry July 2012 The Japanese Finance Ministry declares that its computers have been infected with a virus in the from 2010 to 2011 causing leaks of information.

 

Pierluigi Paganini

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cerber 5.0, ransomware)