A Chinese hacking group named ‘Winnti’ has reportedly been stealing intellectual property such as patents, copyrights, source code, and other confidential information from companies operating in Europe and North America.
The APT41 cyberespionage group, also known as Winnti, is a sophisticated group of hackers that has been conducting espionage against companies operating in East Asia, Western Europe, and North America since 2019.
In other words, the hacking group has been secretly spying on these companies’ digital infrastructure without being noticed the entire time.
Cybersecurity firm Cybereason analyzed the activity and disclosed it in a recent report, naming the campaign ‘Operation CuckooBees’. The threat group begins its operations by exploiting known or zero-day vulnerabilities; after gaining a foothold in a network, it performs reconnaissance with Windows commands such as Net start, Net User, and Dir c:, which would normally alert defenders to suspicious activity on Windows but which the group disguises by running them from batch files as scheduled tasks.
It then steals passwords, saving the harvested data with the ‘reg save’ command, and extends the same scheme to other files by abusing Windows Scheduled Tasks.
For data exfiltration, the hackers use a portable command-line WinRAR binary carrying a valid digital signature and launch it as “rundll32.exe”.
Because of the group’s complexity, its ability to remain undetected, and its sophisticated reconnaissance, the US Department of Justice has found it hard to track these criminals and indict them for their various cyberattack campaigns.
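As an added defender-side illustration (not code from the Cybereason report or from the group's toolkit), the following Python applies heuristic detection rules for the three tradecraft steps described above to constructed process-creation records; the Sysmon-style field names, the sample values, and the rule names are all assumptions of this example.

```python
import re

# Constructed Sysmon Event ID 1-style process-creation records (field names are
# an assumption of this example, not from the report); all values are made up.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\net.exe", "cmdline": "net user",
     "parent_cmdline": r"cmd.exe /c C:\Windows\Temp\run.bat"},          # recon via batch file
    {"image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg save HKLM\SAM C:\Windows\Temp\sam.hiv", "parent_cmdline": "cmd.exe"},
    {"image": r"C:\Windows\Temp\rundll32.exe", "original_filename": "Rar.exe",
     "cmdline": r"rundll32.exe a -r -hp<PASSWORD_PLACEHOLDER> C:\Windows\Temp\out.rar C:\Users\v\Documents",
     "parent_cmdline": "cmd.exe"},
    {"image": r"C:\Windows\System32\net.exe", "cmdline": "net start",    # benign: interactive
     "parent_cmdline": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\rundll32.exe", "original_filename": "RUNDLL32.EXE",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL", "parent_cmdline": "explorer.exe"},
]

RECON_CMDS = re.compile(r"\b(net\s+start|net\s+user|dir\s+c:)", re.IGNORECASE)
BATCH_PARENT = re.compile(r"\.bat\b", re.IGNORECASE)
REG_SAVE = re.compile(r"\breg(\.exe)?\s+save\b", re.IGNORECASE)
# Rar.exe switches: 'a' (add to archive), '-r' (recurse), '-hp' (encrypt headers and data).
RAR_SWITCHES = re.compile(r"(?:^|\s)(?:a|-r|-hp\S*)(?:\s|$)", re.IGNORECASE)

def classify(ev):
    """Return the names of the CuckooBees-style detections that fire on one event."""
    hits = []
    image, cmd = ev["image"].lower(), ev["cmdline"]
    # 1. Reconnaissance commands launched from a batch file (the report: run as scheduled tasks).
    if RECON_CMDS.search(cmd) and BATCH_PARENT.search(ev.get("parent_cmdline", "")):
        hits.append("recon_from_batch")
    # 2. Registry hive dump with 'reg save', the credential-theft staging step.
    if REG_SAVE.search(cmd):
        hits.append("reg_save_hive_dump")
    # 3. A process named rundll32.exe that behaves like the WinRAR command-line tool:
    #    archiver switches on the command line, or a signed PE whose original file name
    #    is not rundll32 (a renamed, legitimately signed archiver).
    if image.endswith("rundll32.exe"):
        orig = ev.get("original_filename", "").lower()
        if RAR_SWITCHES.search(cmd) or (orig and "rundll32" not in orig):
            hits.append("rundll32_archiver_masquerade")
    return hits

def scan(events):
    """Run every rule over a list of events; returns (event index, detection name) pairs."""
    return [(i, hit) for i, ev in enumerate(events) for hit in classify(ev)]

if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {hit}")
```

Each rule alone is noisy on a real estate (administrators run `net user` and `reg save` too); the value lies in correlating the three within one host and time window, which `scan` leaves to the caller.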