There is no ranking of hacking organizations, just look at t
I don't produce money, I'm just a porter of money. Have you ever seen hackers specifically targeting ATMs? Some hackers are in it for the money, and some are "patriotic", which angers other countries: be patriotic if you like, but why reach a black hand into another country's nuclear industry? Some hackers have broad appetites: insurance, consulting, mining, steelmaking, retail, and construction companies... they don't miss one. Researchers at the Singapore-based cybersecurity company Group-IB dug up a number of hacking organizations that showed very little restraint during the second half of 2018 and the first half of 2019. Their infiltration methods have become rich and diverse, and their cyber attacks have moved out into the open.
New rival RedCurl
In 2019, a new hacking group called RedCurl started to emerge. The group engages in both espionage and financial theft, and its range of targets is wide: insurance, consulting, mining, steelmaking, retail and construction companies are all in scope. Group-IB said that the hacking technology behind RedCurl is superb and very difficult to trace. RedCurl manages to stay hidden mainly because it uses legitimate services to communicate with its command and control (C2) server.
To carry out their attacks, the hackers rely heavily on custom Trojans. Once they succeed, their first task is to steal the victim's important documents, after which they install XMRig to mine Monero with the victim's computing power. RedCurl does not take every document indiscriminately; it prefers information such as agreements, payments, and contracts. Unlike earlier broad attacks, RedCurl is quite professional at phishing: it tailors specific information to each victim to achieve a higher success rate. For now, RedCurl's true identity is not clear, and no one knows whether it is a cybercriminal organization or an attack team organized by a certain country. However, Group-IB is still trying to find clues by examining its tools and techniques. Most of RedCurl's victims are in Eastern Europe, but there is also a company in North America. Judging by the language used in the bait files and the email services used by the group, at least one of its members speaks Russian.
Everything for the money
Group-IB has identified five active cybercrime organizations targeting financial institutions. Three of them (Cobalt, Silence, MoneyTaker) are Russian-speaking. These organizations are also the most skilled at controlling ATMs with Trojans. The other two organizations, Lazarus and SilentCard, are from Kenya. They specialize in African banks, and although they are technical, they have been quite successful.
Hacking organizations dedicated to banks
There are still many other criminal organizations threatening the financial sector on the Internet, but Group-IB believes that these five can cause very serious damage. These organizations usually spend a lot of time on compromised networks learning how things work, so that they can handle financial operations just like the victims they are monitoring. Group-IB's map of cyber attacks shows that, whether successful or not, these organizations have been in an active period since the second half of 2018, making big moves almost every month.
Detailed information about SilentCard is not available at this time, but researchers have determined that the organization operates locally in Kenya and has successfully completed two thefts. Based on the only malware sample available, Group-IB surmised that SilentCard used a self-developed control device when attacking the company's network.
Hackers with state support
In addition to these blights on the network, hackers with governments behind them (also known as APT organizations) have also been busy in recent years. Group-IB lists 38 active organizations in the report, 7 of which are new cyber espionage organizations that emerged this year. Although some of the new organizations only surfaced last year, they actually started early, dating back to 2011.
One of them is Windshift, whose tools and strategies DarkMatter analyzed in August last year. The group started out as cyber spies in 2017, spying on government employees and critical infrastructure in the Middle East. Blue Mushroom (alias Sapphire Mushroom and APT-C-12) is a hacker organization that has been operating since 2011, but its cover was only blown in the middle of last year. This organization is even more hard-core: it specializes in the nuclear industry and scientific research institutions. Gallmaker is also an APT organization that was not caught out until 2018. Symantec believes that it was formally established by the end of 2017. It is reported that Gallmaker relied mainly on home-made tools to launch attacks on government and military targets.
A report from Qihoo 360 earlier this year revealed that the South American hacker group named APT-C-36 (also known as Blind Eagle) has been involved in the theft of trade secrets from important companies and government agencies. The hacking group named Whitefly mainly focuses on Singapore's medical, media, communications and engineering companies. They started operations in 2017 and became "famous" last July for attacking Singapore's largest public health agency. At the time, the information of 1.5 million patients was stolen. Hexane and Lyceum are only interested in critical infrastructure in the Middle East, and they officially broke out of stealth in August of this year. SecureWorks recently published the organization's specific technical approach to hacking. The seventh APT organization, TajMahal, has only just begun to emerge, and little information is available on it. Kaspersky found that its attack framework is quite advanced: a single suite contains 80 modules. TajMahal used it to break the defenses of a Central Asian diplomatic agency.
Cyber warfare escalates
For political leaders and military operations, cyber security has become the short stave in the barrel, and no one dares to take it lightly. Judging from the current situation, the hackers have shed their invisibility cloaks and begun to fight in the open. For this reason, government agencies also have to accelerate the upgrade of their digital tools as a precaution. As for retaliating against an enemy through cyber attacks, it has recently become a routine measure. For example, this summer the United States attacked Iran's weapon system (in retaliation for Iran shooting down a U.S. military drone). Group-IB CTO Dmitry Volkov pointed out that 2018 made us realize how vulnerable the cyber world is to side-channel attacks, and that the theme for 2019 is covert military operations in cyberspace.