
Russia, China backed hackers executed 46% APT attacks in Q3 2021: Report

31 Jan, 2022

Cybercriminals backed by Russia and China were responsible for 46% of all advanced persistent threats (APT) in Q3 2021, according to a new report by Trellix, an IT and cybersecurity company. Finance was the most targeted sector, accounting for close to 40% of all observed APT activity, followed by the utilities, retail and government sectors.

An APT is an attack campaign in which attackers infiltrate a system or network and maintain a long-term presence in order to steal highly sensitive data or sabotage critical infrastructure. It is widely used to target large organisations or governments.

According to Trellix, Cobalt Strike was detected in 33% of the APT activities. Cobalt Strike is an adversary simulation tool that is also used to carry out targeted attacks. Though developed for pen testing to emulate threat activity, Cobalt Strike is now widely used by hacker groups, many of which are linked to Russia and China.


According to cybersecurity firm Proofpoint, misuse of Cobalt Strike increased by 161% between 2019 and 2020, and it was one of the high-volume threats throughout 2021 and in several of these activities. It was also used by hackers to exploit the Log4Shell vulnerability, which was detected last year in the widely used open-source logging software Apache Log4j.


Trellix's findings show that the techniques used to execute many of the APT attacks were highly advanced and similar to the ones used by deeply skilled APT adversary groups to bypass security controls. Also, in over 25% of the APT activities, Trellix detected a post-exploitation tool called Mimikatz, which is widely used to gain admin-level access over a network or device.


Nation-state-backed cybercriminal groups with links to Russia and China have been quite active during and after the pandemic. Chinese hacker groups have been quite active in planning attacks on Indian organisations and government agencies since 2020, in retaliation for the border dispute between the two countries and the ban on several Chinese apps and games in India.

Last week, the UK’s National Cyber Security Centre (NCSC) sent out an alert to companies in the UK to step up security to counter a possible cyberattack by Russia-backed hackers in retaliation for the warning issued by the UK, US and EU to Russia after it increased its military presence on the Ukraine border.

Earlier this month, several Ukrainian government websites were knocked out by cyberattacks. Ukraine has alleged that it has evidence showing that Russia was behind the cyberattacks.
