LM NEWS 24
LM NEWS 24

US Firm Uncovers Chinese Espionage Operation ‘Cuckoobee’

By LokMarg
0

A global cyber espionage campaign dubbed “OperationCuckooBees” has been uncovered, targeting manufacturers across North America, Europe and Asia in the Defense, Energy, Aerospace, Biotech and Pharma industries.

According to Boston based company Cybereason, this is one of the largest IP theft campaigns of its kind coming from China.

Cybereason last month published new research on Operation CuckooBees, a 12-month investigation into Winnti Group’s global cyber espionage campaign targeting manufacturers across the world.

“Operation Cuckoo Bees research is the culmination of a 12 month investigation that highlights the intricate and extensive efforts of the Chinese state-sponsored Winnti Group (APT 41) to abscond with proprietary information from dozens of global organizations. The most alarming revelation is that the companies weren’t aware they were breached, going some as far back as at least 2019, giving Winnti free unfiltered access to intellectual property, blueprints, sensitive diagrams and other proprietary data,” said Lior Div, Cybereason CEO and Co-founder.

During its investigation, Cybereason discovered that Winnti conducted Operation CuckooBees undetected since at least 2019, likely siphoning thousands of gigabytes of intellectual property and sensitive proprietary data from dozens of companies.

Cybereason published two reports, the first examining the tactics and techniques of the overall campaign, and the second providing a detailed analysis of the malware and exploits used.

Based on the analysis of the forensic artifacts, Cybereason estimates with medium-high confidence that the perpetrators of the attack are linked to the notorious Winnti APT group. This group has existed since at least 2010 and is believed to be operating on behalf of Chinese state interests and specializes in cyber espionage and intellectual property theft.

Other key findings include the discovery of a sophisticated and elusive cyber-espionage operation with the goal of stealing sensitive proprietary information from technology and manufacturing companies mainly in East Asia, Western Europe, and North America.

The reports expose a previously undocumented malware strain called DEPLOYLOG used by the Winnti APT group, and highlights new versions of known Winnti malware, including Spyder Loader, PRIVATELOG, and WINNKIT.

The reports include an analysis of the complex infection chain that led to the deployment of the WINNKIT rootkit composed of multiple interdependent components.

According to the report, the attackers implemented a delicate “house of cards” approach, where each component depends on the others to execute properly, making it very difficult to analyze each component separately.

“The security vulnerabilities that are most commonly found in campaigns such as Operation CuckooBees are exploited because of unpatched systems, insufficient network segmentation, unmanaged assets, forgotten accounts and lacking multi-factor authentication products. Although these vulnerabilities may seem be easy to fix, day-to-day security is complex and it’s not always easy to implement mitigations at a grand scale. Defenders should follow MITRE and/or similar frameworks in order to make sure that they have the right visibility, detection and remediation capabilities in place to protect their most critical assets,” added Div. (ANI)

MORE LM NEWS 24
Mahadevan, Kailash, Shaan Among Others To Perform At Maha Kumbh
All Alleged Nijjar Killers Released, BC Justice Documents Reveal
10,000 ‘Swarnim Bharat’ Architects Invited to R-Day Parade 2025
HAL To Decide On ALH Dhruv Fleet Clearance By Saturday
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
MORE news
Military Might On Kartavya Path
Farmers Hold Bharat Bandh
Watch – ‘Vaccination Was Smooth, Very Well Managed’
Clouds Appear Over NCR

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Privacy Settings
I accept I decline
Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

Necessary Functional Performance/Analytics Social
These cookies are essential in order to enable you to move around the website and use its features. Without these cookies basic services cannot be provided.
PHPSESSID
Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.
  • PHPSESSID
wordpress_test_cookie
Used on sites built with Wordpress. Tests whether or not the browser has cookies enabled
  • wordpress_test_cookie
Technical Cookies
In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec
Decline all Services
Accept all Services
0
Would love your thoughts, please comment.x
()
x