Malicious Life

Cuckoo Spear [B-Side]

Nov 20, 2024
Jin Ito and Loic Castel, incident response engineers at Cybereason, dive into the dark world of cybersecurity threats. They discuss APT-10, a Chinese hacking group targeting Japanese organizations, focusing on their sophisticated LoadInfo and newly discovered NoopDoor malware. The duo reveals how NoopDoor uses advanced persistence techniques for stealthy infiltration. They also detail infiltration strategies like spear phishing and the use of Domain Generation Algorithms, emphasizing the evolving landscape of cyber threats and the need for adaptive defenses.
ANECDOTE

Cuckoo Spear Campaign

  • APT-10, a Chinese nation-state threat actor, has targeted Japanese companies using LoadInfo malware since at least 2019.
  • Cybereason researchers linked APT-10 to a new malware, NoopDoor, after investigating detections at a new customer.
INSIGHT

Malware Persistence

  • LoadInfo maintained persistence using Windows mechanisms like Task Scheduler, MSBuild, and WMI.
  • NoopDoor loads shellcode from the registry, encrypted based on unique system identifiers.
INSIGHT

Initial Access Techniques

  • APT-10 used spear-phishing, often with COVID-19 pretexts, for initial access.
  • Later attacks exploited vulnerabilities in VPN and firewall solutions popular in Japan.