Understanding Attacks Linked To APT39

To know more about it, you can go through my detailed document by clicking here

Overview

APT39, also known as Chafer or Remix Kitten, is a cyberespionage threat group active since 2014 and suspected of operating on behalf of the Iranian government through the front company Rana Intelligence Computing. Its primary targets have been the travel, hospitality and telecommunications industries across the Middle East and Persian Gulf, Spain, the US, Australia and other regions.

Attack Methods

It generally uses the following attack methods and tools:
  1. Spearphishing
  2. Malicious attachments
  3. Malicious URLs that deliver the POWBAT backdoor
  4. Exploitation of vulnerable web servers
  5. Custom backdoors
  6. Mimikatz for credential theft
  7. SQL injection
  8. RDP and SSH for lateral movement, and compression of data before exfiltration, among others
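Several of the post-compromise techniques in the list (Mimikatz credential dumping, RDP use, and compressing data into password-protected archives before exfiltration) leave recognisable traces in process-creation telemetry. The following is an added example, not code from the original post: it runs simple detection rules over a handful of constructed Sysmon-style events (host, user, image, command line) and then correlates per host, flagging hosts where more than one of these behaviours appears together. The event format, sample values and rule names are assumptions for illustration.

```python
import re

# Constructed sample process-creation events (not real telemetry).
# Format assumed for the example: "host|user|image|command_line".
SAMPLE_EVENTS = [
    "WS01|corp\\alice|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt",
    "WS01|corp\\alice|C:\\Users\\alice\\AppData\\Local\\Temp\\m.exe|"
    "m.exe privilege::debug sekurlsa::logonpasswords exit",
    "SRV02|corp\\svc_web|C:\\Program Files\\WinRAR\\Rar.exe|"
    "Rar.exe a -hpS3cret -r C:\\Users\\Public\\out.rar C:\\Finance\\*.xlsx",
    "SRV02|corp\\svc_web|C:\\Windows\\System32\\mstsc.exe|mstsc.exe /v:10.0.5.12 /admin",
    "WS03|corp\\bob|C:\\Program Files\\7-Zip\\7z.exe|"
    "7z.exe a -pHunter2 C:\\Users\\Public\\stage.7z C:\\Users\\bob\\Documents",
    "WS03|corp\\bob|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir",
]

# Rule names are illustrative. Each pattern is matched against the command line only,
# since a renamed binary (m.exe above) still reveals itself through its module syntax.
RULES = {
    # Mimikatz module invocations (sekurlsa::, lsadump::, privilege::debug).
    "mimikatz_credential_dump": re.compile(r"sekurlsa::|lsadump::|privilege::debug", re.I),
    # rar/7z "add" with a password switch (-hp / -p): typical pre-exfiltration staging.
    "password_protected_archive_staging": re.compile(
        r"\b(rar|7z)(\.exe)?\s+a\b.*\s-(hp|p)\S+", re.I),
    # Outbound RDP from an endpoint: mstsc with an explicit /v: target.
    "rdp_lateral_movement": re.compile(r"\bmstsc(\.exe)?\b.*\s/v:\S+", re.I),
}


def parse_event(line):
    """Split one pipe-delimited event into its four fields."""
    host, user, image, cmdline = line.split("|", 3)
    return {"host": host, "user": user, "image": image, "cmdline": cmdline}


def detect(events):
    """Return (rule_name, host, user) for every event that matches a rule."""
    hits = []
    for line in events:
        ev = parse_event(line)
        for name, pattern in RULES.items():
            if pattern.search(ev["cmdline"]):
                hits.append((name, ev["host"], ev["user"]))
    return hits


def correlate(hits):
    """Hosts on which at least two distinct behaviours fired: worth triage first."""
    by_host = {}
    for name, host, _ in hits:
        by_host.setdefault(host, set()).add(name)
    return sorted(h for h, names in by_host.items() if len(names) >= 2)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for hit in found:
        print("%-36s host=%s user=%s" % hit)
    print("hosts with multiple behaviours:", correlate(SAMPLE_EVENTS and found))
```

On the constructed input, SRV02 is the only host where two behaviours (archive staging plus outbound RDP) coincide, which is the kind of combination that separates a real staging host from an administrator who happens to zip a folder. In production the same logic would read Sysmon Event ID 1 or Windows 4688 events rather than the pipe-delimited strings used here.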

Remedy

The following measures may help prevent and mitigate activity by this group:
  • Regular application updates protect against known vulnerabilities;

  • Validate user input so that local and remote file inclusion vulnerabilities are restricted;

  • A web application firewall, regular signature-based malware scans, application fuzzing, code reviews and server network analysis can all help;

  • Regular system and application vulnerability scans can also highlight possible areas of concern.
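The input-validation point above is easiest to see next to the bug it prevents. The following is an added example, not code from the original post: a template loader that joins untrusted input into a path (local file inclusion via `../`), alongside a hardened version that rejects remote URLs, allows only known template names, and as defence in depth confirms the resolved path stays inside the template directory. The directory layout, file names and `secret.conf` contents are constructed for the demonstration and created in a temporary directory so the block runs offline.

```python
import os
import shutil
import tempfile
from urllib.parse import urlsplit

# Pages the application actually serves (assumed allowlist for the example).
ALLOWED_PAGES = {"home.html", "about.html"}


def setup_demo(base):
    """Create a constructed layout: templates/ plus a sensitive file one level up."""
    tdir = os.path.join(base, "templates")
    os.makedirs(tdir, exist_ok=True)
    for name in ALLOWED_PAGES:
        with open(os.path.join(tdir, name), "w") as f:
            f.write("<h1>%s</h1>" % name)
    with open(os.path.join(base, "secret.conf"), "w") as f:
        f.write("db_password=hunter2")
    return tdir


def load_page_vulnerable(template_dir, page):
    """Vulnerable: untrusted 'page' is joined straight into the path.
    '../secret.conf' escapes the template directory (LFI); an absolute
    path such as '/etc/passwd' replaces the base entirely."""
    with open(os.path.join(template_dir, page)) as f:
        return f.read()


def load_page_hardened(template_dir, page):
    """Hardened: reject remote includes, allowlist names, then verify containment."""
    if urlsplit(page).scheme:
        # http://..., ftp://... etc. would be a remote file inclusion attempt.
        raise ValueError("remote includes are not allowed")
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    root = os.path.realpath(template_dir)
    target = os.path.realpath(os.path.join(root, page))
    # Defence in depth: even if the allowlist is later loosened, the resolved
    # path (symlinks included) must remain under the template root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes template directory")
    with open(target) as f:
        return f.read()


def demo():
    """Run both loaders against benign and hostile input; return what each did."""
    base = tempfile.mkdtemp()
    try:
        tdir = setup_demo(base)
        results = {
            "vuln_normal": load_page_vulnerable(tdir, "home.html"),
            "vuln_traversal": load_page_vulnerable(tdir, "../secret.conf"),
            "hard_normal": load_page_hardened(tdir, "home.html"),
        }
        for attempt in ("../secret.conf", "http://attacker.example/shell.txt", "/etc/passwd"):
            try:
                load_page_hardened(tdir, attempt)
                results[attempt] = "ALLOWED"
            except ValueError as exc:
                results[attempt] = "blocked: %s" % exc
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-40s %s" % (key, value))
```

The allowlist is the real control; the `realpath` containment check only matters once someone widens the allowlist or starts accepting arbitrary names, which is exactly when traversal bugs reappear. Note that a naive `".." not in page` check is not a substitute: URL-encoded or symlinked paths bypass string filters but not a check on the resolved path.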

