Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Ambitious Attacks Against High Level Targets Continue

Symantec Threat Intelligence: Thrip: Ambitious Attacks Against High Level Targets Continue

Since Symantec first exposed the Thrip group in 2018, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organisations, satellite communications operators, and a diverse range of other targets in the region.

The group has attacked at least 12 organisations, all located within South East Asia. Its targets have been located in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam.

A diverse range of targets have been attacked over the past year, most notably military targets in two different countries. It has also attacked organisations in the maritime communications, media, and education sectors.

One of the most alarming discoveries we made in our original Thrip research was that the group had targeted a satellite communications operator and seemed to be interested in the operational side of the company, looking for and infecting computers running software that monitored and controlled satellites. Significantly, Thrip has continued to target organisations in the satellite communications sector, with evidence of activity dating to as recently as July 2019.

Much of this recent activity was uncovered by Symantec following the discovery of a Thrip tool, a backdoor called Hannotog which appears to have been used since at least January 2017. It was first detected in an organisation in Malaysia, where it triggered an alert for suspicious WMI activity with our Targeted Attack Analytics (TAA) technology, available in Symantec Endpoint Detection and Response (EDR).


Figure 1. Hannotag was first discovered when it triggered a Targeted Attack Analytics (TAA) alert for suspicious WMI activity

To read the full report please visit https://www.symantec.com/blogs/threat-intelligence/thrip-apt-south-east-asia


ends

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Marsden Pipeline Rupture: Report Calls For Supply Improvements, Backs Digger Blame

The report makes several recommendations on how the sector can better prevent, prepare for, respond to, and recover from an incident. In particular, we consider it essential that government and industry work together to put in place and regularly practise sector-wide response plans, to improve the response to any future incident… More>>

ALSO:

Oil Scare: Trump Authorises Use Of Emergency Crude Stockpile

The New Zealand dollar fell against the US dollar after President Donald Trump authorised the use of the country's emergency crude stockpile after the weekend attack on Saudi Arabia’s major oil facilities. More>>

ALSO:

Pre-Post-Brexit Deal Talks: UK Trade Minister Visits Wellington

New Zealand should get a better deal for exports of sheepmeat, beef and dairy products into the United Kingdom after Brexit, the British Minister of State for Trade, Liz Truss, said in Wellington today. More>>

ALSO:

Not-Very Well: Tamarind Halts Tui Drilling; OMV Assesses Options

Tamarind Resources has halted drilling at its Tui oil field off the Taranaki coast after the first of the three planned wells came up dry. Managing director Ian Angell says that despite the “unexpected” result from the first well, the firm believes the other two prospects are worth pursuing. More>>

ALSO:

Seeking 'Clarity': Crown To Appeal Southern Response Decision, Offers Costs

“It is our intention that the clarity that will come from the outcome of these proceedings will enable the Crown to work with Southern Response to provide a soundly based proactive solution to those people that are affected.” More>>