Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign

Incredibly long dwell times here. What’s impressive is the ability to survive through the updates, patching and migrations that happen in most enterprises:

Five related threat groups that for the past decade have been systematically stealing intellectual property from US companies seemingly on behalf of the Chinese government appear poised to do even more damage amid the COVID-19 pandemic.

The groups have successfully targeted companies in multiple critical industries via cross-platform attacks on back-end servers that are often used to store sensitive data. The attackers have focused especially on enterprise Linux servers because many of these systems are not typically as well protected as other key infrastructure, researchers at BlackBerry said in a report on the cyber espionage activities of the five groups.

The access that the threat groups have gained over the years on these networks now puts them in a position to maliciously exploit the recent surge in COVID-19-related teleworking, says Eric Cornelius, chief product architect at BlackBerry.

“The tools identified in these ongoing attack campaigns are already in place to take advantage of work-from-home mandates,” Cornelius says. While the majority of the workforce is now teleworking, intellectual property remains on-premises on enterprise systems, many of which are Linux-based, he says. “The diminished number of personnel on-site to maintain security of these critical systems compounds the risks,” Cornelius notes.

Original article here