FireEye Says China-Based Hacker Group Now Targeting Firms in India

Advertisement
By Indo-Asian News Service | Updated: 10 April 2017 17:37 IST

Raising an alarm for the IT service providers and manufacturing companies in India, US-based cyber-security group FireEye has claimed that a new set of tools is being used by China-based cyber espionage group APT10 to steal confidential business data from domestic firms to support Chinese corporations.

FireEye has been tracking APT10 since 2009 and they have historically targeted construction, engineering, aerospace, telecom firms and governments in the US, Europe and Japan.

Advertisement

"IT services have been a core engine of India's economic growth, with service providers here scaling the value chain to manage business-critical functions of top global organisations. Campaigns like this highlight risks which all organisations should factor into their operations," said Kaushal Dalal, Managing Director, FireEye, India, in a statement on Monday.

APT10 activity has included both traditional spear phishing and access to victim's networks through service providers.

Advertisement

Service providers have significant access to customer networks, enabling an attacker who had compromised a service provider to move laterally into the network of the service provider's customer.

"Targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations," said FireEye in an earlier blog post.

Advertisement

In addition, web traffic between a service provider's customer and a service provider is likely to be viewed as benign by network defenders at the customer, allowing the attacker to exfiltrate data stealthily.

APT10 unveiled new tools in its 2016/2017 activity.

Advertisement

"HAYMAKER" and "SNUGRIDE" have been used as first-stage backdoors, while "BUGJUICE" and a customised version of the open source "QUASARRAT" have been used as second stage backdoors.

These new pieces of malware show that APT10 is devoting resources to capability development and innovation.

HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE, also a backdoor, executed by launching a benign file and then hijacking the search order to load a malicious dll into it.

That malicious dll then loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload.

BUGJUICE defaults to TCP using a custom binary protocol to communicate with the C2, but can also use HTTP and HTTPs if directed by the C2. It has the capability to find files, enumerate drives, exfiltrate data, take screenshots and provide a reverse shell.

SNUGRIDE communicates with its C2 server through HTTP requests. Messages are encrypted using AES with a static key.

The malware's capabilities include taking a system survey, access to the filesystem, executing commands and a reverse shell. Persistence is maintained through a Run registry key, the post added.

QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. iPhone 18 Pro Max Might Arrive With Apple's Biggest Battery Yet
  2. Vivo X500 Camera Details Surface Online After X500 Pro Max Leaks
  3. Huawei Band 11 Series Over 100 Workout Modes Debuts in India: See Price
  4. Amazon Prime Day Mobile Offers 2026: Best Deals on OnePlus, Nothing and More
  5. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  6. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  7. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.