Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe and Asia, security researchers said Wednesday, in findings that shed new light on Beijing’s alleged use of hacking to buttress its powerhouse economy.
Mandiant researchers, who first discovered the advanced persistent threat (APT) group in December 2019 and now track it as “UNC3524”, say that while the group’s corporate targets hint at financial motivation, its longer-than-average dwell time in victims’ environments suggests an intelligence-gathering mandate. In some cases, UNC3524 remained undetected in a victim’s environment for as long as 18 months, versus an average dwell time of 21 days in 2021.
Researchers have discovered hundreds of thousands of databases exposed to the public-facing internet over the past year, putting them at risk of compromise, according to Group-IB.
It reported finding 399,200 exposed databases in this way between Q1 2021 and Q1 2022, 308,000 of them in 2021 alone. The count rose by 16% from the first half of 2021 to the second.
Organisations impacted by insider threats now spend an average of $15.4 million in response, up 34 percent since 2020. As if this weren’t damaging enough, around a fifth of insider incidents involve credential theft, the cost of which has risen 63 percent since 2020 and now stands at $4.6 million per year.
A malicious insider threat, sometimes called a “Turncloak”, is a deliberate act by an insider, whether a current or former employee or a business associate, intended to harm the organisation.
The perpetrators of malicious insider threats abuse the privileges they have legitimately been granted to browse for, collect and leak the organisation’s confidential information.
As a business owner, you can watch for indicators that help detect malicious insider threats at an early stage. These include a history of misusing data or information at a previous employer, personality conflicts with coworkers, falsified hiring information, and an official record of past arrests for hacking or other security violations.
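The HR-style indicators above are only half of the picture; on the technical side, the tell-tale sign of a malicious insider is legitimate privileges being used in an illegitimate pattern. The following is an added example, not code from any of the reports quoted on this page: a small Python detector that groups constructed access-log lines per user and flags anyone who combines out-of-scope access, after-hours activity and bulk data volume. The log format, the department-to-path scope map, the business-hours window and the byte threshold are all assumptions chosen for the illustration.

```python
"""Flag possible insider privilege abuse in constructed access-log lines.

Added example; the log format and all thresholds below are assumptions,
not the conventions of any real product or of the reports cited on the page.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one line per access event, key=value fields.
# 'bob' in sales reads R&D blueprints and formulas late at night in bulk;
# 'carol' in R&D reads the same blueprint during the day, which is normal.
SAMPLE_LOG = """\
2022-05-03T09:12:01Z user=alice dept=finance action=read resource=/finance/q1-forecast.xlsx bytes=48211
2022-05-03T09:14:20Z user=alice dept=finance action=read resource=/finance/budget.xlsx bytes=22010
2022-05-03T10:05:44Z user=carol dept=rnd action=read resource=/rnd/blueprints/turbine-v3.dwg bytes=9120000
2022-05-03T22:41:05Z user=bob dept=sales action=read resource=/rnd/blueprints/turbine-v3.dwg bytes=9120000
2022-05-03T22:42:11Z user=bob dept=sales action=read resource=/rnd/formulas/alloy-7.pdf bytes=3200000
2022-05-03T22:43:30Z user=bob dept=sales action=download resource=/rnd/formulas/alloy-8.pdf bytes=3100000
2022-05-03T22:47:02Z user=bob dept=sales action=download resource=/rnd/blueprints/turbine-v4.dwg bytes=9800000
"""

# Assumed: which top-level paths each department legitimately works in.
DEPT_SCOPE = {"finance": {"/finance"}, "sales": {"/sales", "/crm"}, "rnd": {"/rnd"}}
BUSINESS_HOURS = range(8, 19)   # assumed 08:00-18:59 UTC
BULK_BYTES = 10_000_000         # assumed per-user volume threshold for the log window


def parse_line(line):
    """Parse '<iso-timestamp> k=v k=v ...' into a dict with typed time/bytes."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    event["bytes"] = int(event["bytes"])
    return event


def in_scope(dept, resource):
    """True if the resource sits under a path the user's department owns."""
    return any(resource.startswith(p + "/") for p in DEPT_SCOPE.get(dept, ()))


def score_user(events):
    """Return the sorted list of suspicious traits seen across one user's events."""
    reasons = set()
    if any(not in_scope(e["dept"], e["resource"]) for e in events):
        reasons.add("out_of_scope")      # privileges used outside the user's remit
    if any(e["time"].hour not in BUSINESS_HOURS for e in events):
        reasons.add("after_hours")       # activity when nobody is around to notice
    if sum(e["bytes"] for e in events) >= BULK_BYTES:
        reasons.add("bulk_volume")       # collection rather than day-to-day use
    return sorted(reasons)


def detect(log_text, min_reasons=2):
    """Map each user that trips at least `min_reasons` traits to those traits.

    A single trait is common and noisy (one after-hours login, one mis-filed
    document); requiring a combination keeps the alert list short.
    """
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            per_user[event["user"]].append(event)
    alerts = {}
    for user, events in per_user.items():
        reasons = score_user(events)
        if len(reasons) >= min_reasons:
            alerts[user] = reasons
    return alerts


if __name__ == "__main__":
    for user, reasons in detect(SAMPLE_LOG).items():
        print(f"ALERT {user}: {', '.join(reasons)}")
```

Run against the constructed log, only `bob` is raised, with all three traits; `carol` touches the same blueprint but within her department's scope, in working hours and under the volume threshold, so she is not flagged. In a real deployment the scope map would come from an HR or identity system and the thresholds from a per-user baseline, not fixed constants.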
The Winnti group, also known as APT41, was able to hide itself for years inside a corporate network and steal a massive cache of valuable data from the target. Cybereason said the attack was noteworthy for its longevity and the amount of data collected on not only the target, but its partners and clients.
“With years to surreptitiously conduct reconnaissance and identify valuable data, it is estimated that the group managed to exfiltrate hundreds of gigabytes of information,” Cybereason said in a blog post published Wednesday. “The attackers targeted intellectual property developed by the victims, including sensitive documents, blueprints, diagrams, formulas, and manufacturing-related proprietary data.”