Transport

International Aviation Agency Conceals Serious Hack

26 February - 5 March 2019

The International Civil Aviation Organization (ICAO) apparently suffered a large-scale cyberattack in 2016 that affected its web and email servers. The credentials for the domain and system administrator accounts, as well as those of 2,000 ICAO system users, were also stolen during the incident. The attack is said to have been carried out by a highly adaptable cyber espionage group known as APT27 (also known as Emissary Panda, LuckyMouse and Bronze Union). APT27 is believed to operate out of China and makes prolific use of watering hole techniques to deliver malware. In campaigns observed in 2018, the group deployed upgraded versions of the publicly available ZxShell remote access tool (RAT) and Gh0st RAT. For more complex intrusion scenarios, the group used proprietary RATs such as SysUpdate and HyperBro, which can evade traditional signature-based detection. APT27 also leverages "living off the land" techniques, using tools already present on the compromised systems, to elevate privileges and bypass security controls. As the group is technically capable, it is expected to keep evolving its tools and techniques to remain effective in future campaigns.

