The Bull


Chinese hackers target Australian firm

The Australian Cyber Security Centre has released a case study of how one Australian construction firm was targeted by Chinese hackers.

By AAP 21.12.2018 01:26 PM

HOW THE CHINESE HACKED AN AUSTRALIAN COMPANY

* In March 2017, the Australian Cyber Security Centre received a report that a computer belonging to the Australian arm of a multinational construction services company was hit with malware known to be used by Chinese hackers working for the APT10 group.

* The malware was a version of the well-known "PlugX" remote access tool (RAT). The hackers used a legitimate administrator account within the company's managed service provider to remotely connect into the company's network and install the RAT.

* The hackers then accessed sensitive data and commercial secrets.

* It was discovered that the first hack attempt on the company had occurred in September 2016 when, within the space of 25 seconds, PlugX malware was installed under the innocent-sounding name "Corel Writing Tools Utility".

* Over the next two months more PlugX malware was installed, using the name "Quick CreateInstall Installer".

* Data then began to be gathered by the hackers and stored in text files.

* Three weeks after the ACSC received its report, it was noticed that a new piece of malware known as RedLeaves had been installed, which security experts believe was a response to the hacking being reported.

* In May 2017, the hackers deleted evidence from the initial host computer.

* The affected company was advised to take a range of security steps including: regularly patching its software, restricting administrative privileges, using multi-factor authentication (such as a hardware 'token'), setting aside a specific workstation for sensitive tasks, and segregating computer networks.
