Buckeye, the APT3 Group, Changing Targets Towards Hong Kong
Buckeye, a cyber-espionage gang also known as Gothic Panda, APT3, TG-0110 and UPS Team, has been in existence for a long time, carrying out attacks over a period of at least 7 years. Buckeye is alleged to have used Backdoor.Pirpi, a RAT (Remote Access Trojan), in attacks on the PC network of a US-based organization during 2009.
Specifically, according to the majority of security vendors, the gang, believed to be based within China's borders, was for a long time targeting entities within the UK and US.
Starting August 2005, according initially to FireEye and later to a revelation by Symantec, the Buckeye group shifted its operations from primarily the USA to Hong Kong. Softpedia.com posted this on September 7, 2016.
More elaborately, according to Symantec, since 2015 the security company's software has detected a minimum of 82 organizations worldwide that were infected with malware and other hacking tools traditionally associated with APT3, most notably the Pirpi RAT along with various customized tools of an open-source kind.
Essentially, until about the middle of 2015, Buckeye historically attacked American organizations and, to a lesser extent, British organizations. Over its period of operation the gang sometimes exploited 0-day vulnerabilities, more particularly within Flash and Internet Explorer, which indicates that Buckeye has better resources than the growing number of other APT groups.
Moreover, Symantec says APT3 employed real hacking tools so that it could gain control over its targets and then exfiltrate the data it wanted.
Among the various malware tools Symantec researchers uncovered, the notable ones are the Pirpi RAT, RemoteCMD (a tool that issues commands on remote computers), keyloggers, the password dumper PwDumpVariant, ChromePass (a program that dumps passwords from Chrome), OSInfo (a tool for gathering system information), and Lazagne (a password dumper that supports browsers, e-mail clients, code repositories, chat programs, and databases).
Symantec further explains, in a report detailing Buckeye's activities, that the group used spear-phishing e-mails containing malware-laced zipped archives as attachments.
Buckeye, the APT3 group, apparently attacks print and file servers, which indicates it is seeking to grab documents. This, along with its exploitation of 0-day security flaws, its use of customized tools, and the varied kinds of organizations it targeted, shows Buckeye to be a state-sponsored online spying syndicate.
SPAMfighter News - 9/13/2016