New APT attack targets executives

A large-scale APT security attack has started targeting one of the biggest Asian global corporations.

The cyber-threat in question is called Operation Cobalt Kitty aiming to steal proprietary business information, according to Cybereason Labs, the security firm which discovered the threat.

It was deployed by a group dubbed the OceanLotus Group, aka APT-C-00, SeaLotus, and APT32, aimed for figures in top-level management, with vice presidents, senior directors and other key personnel in the operational departments all targeted.

Using spear-phishing as the initial penetration vector, the group managed to infect more than 40 computers on the network, including the domain controller, file servers, Web application server and database server.

Cybereason Labs says the group is fairly advanced. It used some modified publicly available tools, but also some that they probably built themselves for this purpose, as they were undocumented.

It frequently changed tools, techniques and procedures, allowing them to stay undetected for quite some time, probably a year before Cybereason was deployed. More than 80 payloads were observed, all of which were undetected by traditional security products deployed in the company at the time of the attack.

Cybereason also seems to believe that the recently spotted Backdoor.Win32.Denis belongs to the same group as well. 

Image Credit: JMiks / Shutterstock