A cyber group allegedly originating from China has targeted more than 20 Russian companies and state structures over several years with the goal of stealing information, Kommersant writes, citing a report by Positive Technologies and Kaspersky Lab.
The cybersecurity companies found that the group has been operating for at least nine years. Code used by the attackers contains the names of Chinese software developers, and in some attacks the hackers used IP addresses located in China, the report says.
In all cases the group used similar scenarios and tools, Positive Technologies said. The group was named TaskMasters because it created tasks in the task scheduler, which allows commands to be executed and software to be launched at a set time. After gaining access to a local network, the hackers would study its infrastructure and vulnerabilities and upload malicious software, using it for espionage, according to Alexei Novikov, director of the expert security center at Positive Technologies.
Kaspersky Lab says it has been tracking the activity of this group, which it calls BlueTraveler, since 2016. The main targets of its attacks are state structures, chiefly in Russia and former Soviet states, the company notes, and it confirms that the hackers speak Chinese.
The breaches by the Chinese hackers use sophisticated techniques and can go unnoticed by antivirus products and information security teams for years. The hackers upload gigabytes of information, files, documents and designs to their servers, says Rustam Mirkasymov, head of the Dynamic Analysis of Malicious Code department at Group-IB.
Using the task scheduler is a popular method, also associated with the Cobalt and MoneyTaker groups that attack the banking sector, he noted.
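As an added illustration of how a defender can review scheduled-task creation for the pattern described above (the TaskMasters naming and the note on Cobalt and MoneyTaker), the following Python script, which is not part of the Kommersant report or the vendors' analyses, runs simple rules over constructed, simplified Windows Security Event ID 4698 records. The log lines, hostnames, users and task names are made up for the example.

```python
import re

# Constructed sample in a simplified form of Windows Security Event ID 4698
# ("A scheduled task was created"): time|host|subject_user|task_name|command|trigger
SAMPLE_LOG = """\
2019-04-01T09:12:03|WS-0113|CORP\\j.ivanov|\\Microsoft\\Office\\OfficeTelemetryAgentLogOn|C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe|LogonTrigger
2019-04-01T09:40:51|WS-0113|CORP\\j.ivanov|\\Adobe Update|C:\\Users\\j.ivanov\\AppData\\Roaming\\upd.exe|TimeTrigger 23:30
2019-04-01T10:02:17|SRV-FS02|CORP\\svc_backup|\\Backup\\Nightly|C:\\Program Files\\Veeam\\backup.exe|TimeTrigger 01:00
2019-04-01T11:15:44|SRV-FS02|CORP\\admin|\\WindowsUpdateCheck|C:\\ProgramData\\wuc.exe -s|BootTrigger
2019-04-01T23:31:09|DC-01|NT AUTHORITY\\SYSTEM|\\Microsoft\\Windows\\sysmon|cmd.exe /c C:\\Windows\\Temp\\p.bat|TimeTrigger 23:30
"""

# Locations an unprivileged user or a dropper can write to; legitimate tasks rarely run from here.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public|Downloads)\\", re.I)
# Script hosts and living-off-the-land launchers that are commonly wrapped in a task.
SCRIPT_HOSTS = re.compile(r"^(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.I)
# Directories where a task with a genuine Microsoft-style name is expected to point.
TRUSTED_DIRS = re.compile(r"^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\", re.I)

def parse(log_text):
    """Split the simplified 4698 records into dicts; blank or malformed lines are skipped."""
    fields = ("time", "host", "user", "task", "command", "trigger")
    events = []
    for line in log_text.splitlines():
        parts = line.split("|")
        if len(parts) == len(fields):
            events.append(dict(zip(fields, parts)))
    return events

def suspicious_reasons(ev):
    """Return the rules one event trips; an empty list means nothing noteworthy."""
    cmd = ev["command"]
    reasons = []
    if USER_WRITABLE.search(cmd):
        reasons.append("runs from user-writable path")
    if SCRIPT_HOSTS.match(cmd):
        reasons.append("wraps a shell or script host")
    if ev["task"].lower().startswith("\\microsoft\\") and not TRUSTED_DIRS.match(cmd):
        reasons.append("Microsoft-style task name outside Windows/Program Files")
    return reasons

def analyze(log_text):
    """Return one finding per task-creation event that trips at least one rule."""
    findings = []
    for ev in parse(log_text):
        reasons = suspicious_reasons(ev)
        if reasons:
            findings.append({"host": ev["host"], "task": ev["task"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['host']:8} {f['task']:36} {'; '.join(f['reasons'])}")
```

On a real estate, the same rules apply to the TaskContent XML of event 4698 or to event 106 in the Microsoft-Windows-TaskScheduler/Operational log; a baseline of known-good task names per host keeps the alert volume manageable.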