FireEye has deployed its Advanced Cyber Attack Landscape report with interactive maps that show that the majority of advanced persistent threat (APT) attacks alone – a full 89% – are associated with tools developed and disseminated by Chinese hacker groups. The main tool is Gh0st RAT.
Overall, looking at the average number of callbacks per company by country, the Asian states of China, Korea, India and Japan, and the economic zone of Hong Kong, together accounted for 24% of global callbacks. Not far behind, the Eastern European countries of Russia, Poland, Romania, Ukraine, Kazhakstan and Latvia comprised 22% of them.
South Korea is not far behind China in terms of its callback activity – likely a byproduct of its status as one of the most connected places on Earth. Remote access tools are a particular concern. "In a sense, South Korea is plagued by RATs,” the report said. “It is clear from the 2012 data that South Korea is one of the top callback destinations in the world and that some of the country's callback activities are associated with more targeted attacks."
FireEye found that CnC servers are hosted in 184 countries – a 41% increase when compared to the FireEye findings in 2010, when 130 countries were involved.
The company discovered that technology organizations are among the most frequently attacked. These are being targeted for the theft of intellectual property, sabotage or modification of source code to support further criminal initiatives.
The research also found that CnC servers are used heavily during the lifecycle of an attack to maintain communication with an infected machine by way of callbacks, enabling the attacker to download and modify malware to evade detection, extract data or expand an attack within a target organization.
“The threat landscape has evolved, as cyber threats have outpaced traditional signature-based security defenses, such as antivirus, and permeated around the world, enabling cybercriminals to easily evade detection and establish connections inside the perimeter of major organizations,” said FireEye CEO David DeWalt said in a statement. “The FireEye research puts in proper perspective the global pandemic of this new breed of more advanced cyber attacks.”