Since early this year, a known APT group of Chinese origin has been targeting military industrial complex enterprises and public institutions in Ukraine, Russia and Belarus, as well as in other parts of the world like Afghanistan. The group, tracked in the past as TA428, has an interesting approach where it deploys up to six different backdoors on compromised targets, likely to achieve persistence and redundancy.
The targets included industrial plants, design bureaus, research institutes, and government ministries, agencies, and departments, according to researchers from antivirus vendor Kaspersky Lab, which investigated the attack campaign.
“The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions,” the researchers said in a report. “An analysis of information obtained while investigating the incidents indicates that cyberespionage was the goal of this series of attacks.”