
New APT attack targets executives

(Image credit: JMiks / Shutterstock)

A large-scale APT security attack has started targeting one of the biggest Asian global corporations.

The cyber-threat in question is called Operation Cobalt Kitty and aims to steal proprietary business information, according to Cybereason Labs, the security firm which discovered the threat.

It was deployed by a group dubbed the OceanLotus Group (also known as APT-C-00, SeaLotus, and APT32) and was aimed at figures in top-level management, with vice presidents, senior directors and other key personnel in the operational departments all targeted.

Using spear-phishing as the initial penetration vector, the group managed to infect more than 40 computers on the network, including the domain controller, file servers, Web application server and database server.

Cybereason Labs says the group is fairly advanced. It used some modified publicly available tools, but also some that it probably built itself for this purpose, as they were undocumented.

The group frequently changed its tools, techniques and procedures, allowing it to stay undetected for quite some time, probably a year before Cybereason was deployed. More than 80 payloads were observed, all of which were undetected by traditional security products deployed in the company at the time of the attack.

Cybereason also seems to believe that the recently spotted Backdoor.Win32.Denis belongs to the same group as well. 


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.