In a recent analysis, security analysts at Bitdefender have uncovered a new case of industrial espionage carried out by an APT group. A plugin for Autodesk 3ds Max was used to smuggle malware into companies for industrial espionage purposes. The case offers current insight into the world of commercial cyber espionage and the methods of cyber-criminal mercenary groups.
Industrial espionage: an unpleasant discovery
Autodesk 3ds Max is popular software that is widely used in companies working in 3D computer graphics, which makes it an attractive vehicle for industrial espionage. This is exactly the vector the attackers used: malware packaged as a plugin for Autodesk 3ds Max. I became aware of the situation both through an e-mail from Bitdefender and through subsequent tweets.
New Mercenary APT Group Targeted Autodesk Software https://t.co/v8qxhqryY4
— Infosecurity Magazine (@InfosecurityMag) August 26, 2020
Key findings from the white paper "More Evidence of APT Hackers-for-Hire Used for Industrial Espionage":
- Potential APT hackers-for-hire used for industrial espionage
- Industrial espionage in the real estate industry
- Malicious payload masquerading as a plug-in for Autodesk 3ds Max (3D computer graphics software)
- Payload was tested against the target company's security solution before deployment, in order to avoid detection
- Command & Control infrastructure located in South Korea
Below I give a short outline of the incident. More information can be found in the white paper, which can be accessed via this blog post by Bitdefender.
Cyber espionage attack on target companies in the architecture sector
Bitdefender security researchers recently investigated a sophisticated cyber-espionage attack carried out by an Advanced Persistent Threat (APT) actor. One of the target companies is involved in architectural projects for billion-dollar luxury real estate in New York, London, Australia and Oman. The company's clients and projects include luxury residences, high-profile architects and world-renowned interior designers.
Malware in prepared plug-ins for Autodesk 3ds Max
The investigation by Bitdefender's analysts revealed that the attackers had infiltrated the company using a custom-built, malware-laden plug-in for Autodesk 3ds Max, a popular software package used in 3D computer graphics. The Command & Control infrastructure that the group used to test its malicious payload against the organization's security solution was found to be located in South Korea.
During the investigation, Bitdefender's researchers found that the actors had a comprehensive toolset with powerful spying capabilities. Based on telemetry, other similar malware samples were also discovered that had been communicating with the same Command & Control server for nearly a month. These samples were seen in South Korea, the United States, Japan and South Africa, so it is likely that the group has targeted victims in these regions as well.
APT groups operating on the hire/mercenary principle
One insight is that some APT groups operate as mercenaries, offering their skills to whoever pays. This is not the first incident in which APT groups have carried out espionage on a mercenary basis, but according to Bitdefender such incidents have increased in the last few years.
For example, the recently investigated APT group StrongPity has all the characteristics of a cyber-criminal mercenary group; it is known to serve both financial and potentially military objectives. There is evidence that this market is being commercialized by highly skilled and specialized hacker groups. These groups are no longer merely part of state-level conflict in cyberspace; they offer their services on the "free market" for a fee.
Bitdefender has evidence that APT groups are now being used for industrial espionage across various vertical industries, and the current investigation is one of the latest cases in this field. The latest Bitdefender white paper, "More Evidence of APT Hackers-for-Hire Used for Industrial Espionage", contains further insight into these developments in industrial espionage. The PDF can be downloaded free of charge. More information can be found in the Bitdefender Labs blog in this article.