More Evidence of APT Hackers-for-Hire Used for Industrial Espionage

August 27, 2020

Executive Summary

Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and a South Korean-based C&C infrastructure.

As past reports have shown, APT mercenary groups have been used for cyberespionage by competing private companies seeking financial information or negotiation details for high-profile contracts. This attack likely falls under the same category. APT mercenary groups have been known to offer their services to the highest bidder, deploying sophisticated attacks and powerful cyberespionage tools against their contracted victims. The StrongPity APT group, which Bitdefender investigated recently, is one such example. The group, which has been known to target select victims, was recently associated with a potential Turkish military operation.

The commoditization of APT-level hackers-for-hire could potentially entice rival luxury real-estate investors involved in multi-billion-dollar contracts to seek these services to spy on their competition by infiltrating their contractors. Industrial espionage is nothing new and, since the real-estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects and could justify turning to mercenary APT groups for gaining a negotiation advantage.

The targeted company is engaged in architectural projects with billion-dollar luxury real-estate developers in New York, London, Australia and Oman. With offices in London, New York, and Australia, the company’s customers and projects involve luxury residences, high-profile architects and world-renowned A-list interior designers. The sophistication of the attack reveals an APT-style group that had prior knowledge of the company’s security systems and the software applications it used, and that carefully planned its attack to infiltrate the company and exfiltrate data undetected.

The Bitdefender investigation revealed that the cybercriminal group infiltrated the company using a tainted, specially crafted plugin for Autodesk 3ds Max (popular software widely used in 3D computer graphics). The investigation also found that the Command and Control infrastructure used by the cybercriminal group to test their malicious payload against the organization’s security solution is located in South Korea.

During the investigation, Bitdefender researchers also found that the threat actors had an entire toolset featuring powerful spying capabilities. Based on Bitdefender’s telemetry, we also found other similar malware samples communicating with the same command and control server, dating back to just under a month ago. These samples were located in South Korea, the United States, Japan and South Africa, so it is likely that the cybercriminal group has also been targeting select victims in these regions.

APT, Cybercriminal, Cyberespionage Attack, Security Systems