Weekly Comments

8 - 15 January 2019

This week we received reports on two prominent APT groups: APT 10 and an unnamed group with connections to Iran. Cybersecurity researchers said that APT 10, a hacking group based in China, was likely behind a 2016 intrusion at the Japan Business Federation that leaked internal data, including policy recommendations, names of internal committees, and email exchanges with public officers and member companies. The malware and servers used in the attack on the federation were identical to those used in past attacks attributed to APT 10. In December 2018, Japan had criticised APT 10 over cyberattacks targeting its government, companies and academic institutions.

Researchers also identified a wave of DNS hijacking attacks carried out by an unnamed group with connections to Iran. The group has been hijacking DNS records for domains belonging to government, telecommunications and internet infrastructure entities across the Middle East, North Africa, Europe, and North America. Initial technical evidence suggests that the attacks are carried out by individuals based in Iran and align with Iranian government interests. Researchers could not identify a single intrusion vector behind the DNS record changes, and it is likely that the group uses multiple techniques to gain an initial foothold in each targeted system.

We advise organisations to stay vigilant against advanced persistent threats and to subscribe to threat intelligence services so that they are informed of the latest threats and vulnerabilities. We also recommend that organisations understand the cyber kill chain, which illustrates the stages of an APT attack, and adopt the relevant security measures to defend against each stage. It is also important to test your network regularly, either on your own or by engaging external professionals.
