
CT-128-3-2-ISC Asia Pacific University

Member(s): MD AZMAN RAHMAN FAHIM


Table of Contents

1.0 Introduction to the Attack
1.1 Victims Affected by State-sponsored Attacks
1.2 Target industries
1.3 Overview
2.0 Security Controls
2.1 Digital Asset Management
2.2 Data Encryption
2.3 Progressive Tools for Threat Identification
2.4 Building a Blockchain
3.0 Conclusion
4.0 Workload Matrix
5.0 References


1.0 Introduction to the Attack


This joint Cybersecurity Advisory describes the ways in which People's
Republic of China (PRC) state-sponsored cyber actors continue to exploit
publicly known vulnerabilities in order to establish a broad network of
compromised infrastructure. These actors use the network to exploit a wide
variety of targets worldwide, including public and private sector organizations.
The advisory details the targeting and compromise of major telecommunications
companies and network service providers, and the top vulnerabilities, primarily
Common Vulnerabilities and Exposures (CVEs), associated with network devices
routinely exploited by these cyber actors since 2020. According to the
International Forum for Rights and Security (IFFRAS), a research group based in
Canada, China is responsible for the majority of cyberattacks and is largely
driven by a desire to obtain secrets and achieve its political goals through such
operations. According to CrowdStrike, which provides cyber security for half of
the 20 largest multinational corporations in the world, China is largely driven
by a desire for commercial secrets and the pursuit of its political goals.

1.1 Victims Affected by State-sponsored Attacks


Chinese hackers, likely state-sponsored, have been broadly targeting
government and private-sector organizations across Southeast Asia, including
those closely involved with Beijing on infrastructure development projects,
according to a report released Wednesday by a US-based private cybersecurity
company. Specific targets included the Thai prime minister's office and the Thai
army, the Indonesian and Philippine militaries, Vietnam's national assembly and
the central office of its Communist Party, and Malaysia's Ministry of Defense,
according to the Insikt Group, the threat research division of
Massachusetts-based Recorded Future. It determined that high-profile military
and government organizations in Southeast Asia had been compromised over the
last nine months by hackers using custom malware families such as FunnyDream
and Chinoxy. Those custom tools aren't publicly available and are used by
multiple groups believed to be Chinese state-sponsored. The targeting also
aligns with the political and economic goals of the Chinese government,
bolstering the suspicion that it is state-sponsored. In the report's words: "We
believe this activity is highly likely to be a state actor, as the observed
long-term targeted intrusions into high-value government and political targets
is consistent with cyberespionage activity, coupled with identified technical
links to known Chinese state-sponsored activity." (Business Standard,
December 2021)

1.2 Target industries


Since at least 2012, APT41 has specifically targeted businesses in at least 14
different nations. The group has previously stolen intellectual property as part of its
espionage efforts, which have historically targeted the high-tech, telecom, and
healthcare industries. The video game industry is the focus of their cybercrime
intrusions, which also include the manipulation of virtual currencies and attempted
ransomware deployment. There is some evidence that APT41 monitors people and
performs surveillance through its attacks on news/media, travel, and higher
education institutions.


1.3 Overview
APT41 is a well-known cyber threat group that engages in financially motivated
activity that may be beyond the reach of the government, as well as
state-sponsored espionage on behalf of the Chinese government. Malware and
tooling linked to the group include China Chopper, Crosswalk, HIGHNOON, xDoor,
XMRig, ASPXSpy, MESSAGETAP, Gh0st, njRAT, PlugX, ZxShell, BLACKCOFFEE,
POISONPLUG and Mimikatz.

In order to initially exploit their victims, APT41 frequently uses spear-phishing
emails with attachments like compiled HTML (.chm) files. Once inside a target
organisation, APT41 can use more advanced TTPs and introduce new malware.
For instance, throughout the course of a nearly one-year operation, APT41 infected
hundreds of systems and employed roughly 150 different types of malware, such as
backdoors, credential stealers, keyloggers, and rootkits. In order to conceal its
malware and maintain persistence on a small number of target systems, APT41 has
additionally deployed rootkits and Master Boot Record (MBR) bootkits.


2.0 Security Controls


2.1 Digital Asset Management
Systems for managing digital assets and their associated metadata can store
digital assets in a safe and secure manner. The term "metadata" refers to data
about a file, such as geographic details, the author or creator's name, and so
on. Businesses have adopted shared network drives and cloud folder services,
although these have many restrictions. For instance, sharing a folder with a
large number of employees spread across numerous locations is not secure. When
your organisation outgrows its cloud share, it is time to move on. With digital
asset management software, assets can be kept in one place and made accessible
from anywhere in the world, and your important cloud security KPIs will improve
as a result. Professional-grade systems, such as Filestack, include a content
distribution network (CDN). A CDN stores your files in dispersed buckets at many
locations, so users worldwide can access them right away. Compared to
downloading and sharing data over cloud folders, this is a significant security
enhancement. Such a system can manage file sharing through a branded site,
watermark photos, run approval workflows, and more. It uses cutting-edge
technologies, such as cloud RPA and artificial intelligence, to make it simple
for you to view your digital assets. The internal centralisation procedure
establishes a centralised location for the storage of all digital assets. As a
result, distinct departments can securely communicate and retrieve data while
having access to the same branded assets.


2.2 Data Encryption


Data is constantly in danger. It is frequently most vulnerable while it is "in
transit," or moving across the internet. Data that is "at rest," or stored
somewhere, is also vulnerable. There are a few easy ways to safeguard your data.
When you upload files and images to website builders, for instance, data is in
transit; it is also in transit when you upload files to cloud storage. To
safeguard data while it is in transit, it should be encrypted before being sent.
Authenticate the endpoints, then decrypt and check the data at the destination.
HTTPS, that is, HTTP carried over the TLS protocol (TLS 1.2, for example), is
the fundamental tool for this encryption. This protocol operates by dividing the
message you intend to deliver into its component parts. It combines these parts
via an algorithm driven by a public key. Using a private key, the protocol on
the recipient's end of the communication decrypts the message. When data is
stored on any type of storage, including a hard drive, a flash drive, a cloud
server, or anywhere else, it is said to be at rest. Security access policies
must be used to secure data that is at rest: control where the data is safely
stored as well as who and what can access it. The best practice for online
systems and applications is to keep your user base and digital assets separate.
These two must only communicate with one another locally, away from the
internet. Along with encrypting the fields that contain user data, the complete
database must be encrypted. Uploads to Filestack are both encrypted and encoded.
Even if the end user's connection to the platform is insecure, Filestack
encrypts all data that enters and leaves the system.


2.3 Progressive Tools for Threat Identification


The development of sophisticated detection and protection technologies for cyber
security is another area where technology is growing quickly. As part of an
all-encompassing strategy to protect your company against cyber attacks, there
are a number of technologies you should take into consideration. Defensive
deception methods are among them: they help to spot attacks quickly and to pass
on vital information before data is accessed or corrupted. Companies can defend
their data from assaults by using decoys, web application firewalls, intrusion
prevention systems (IPS), and web-based deception solutions.
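The decoy approach named above, as an added example that is not part of the report: a small detector in Python, run over constructed web-server access-log lines, that raises an alert whenever a source requests a path that exists only as bait. The decoy paths, IP addresses and log lines are made up for the example; a real deployment would take the decoy inventory from the deception platform and the lines from the server's access log.

```python
import re
from collections import defaultdict

# Added example, not code from the report. The decoy paths below are made up:
# they are linked from nowhere and serve nothing, so a legitimate user or a
# well-behaved crawler has no reason to request them.
DECOY_PATHS = {"/old-admin/login", "/backup.zip", "/internal-api/keys"}

# Common Log Format with the request line split into method, path and version.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed access-log lines (RFC 5737 documentation addresses), including one
# malformed line to show that bad input is skipped rather than fatal.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Oct/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.10 - - [07/Oct/2022:10:00:02 +0000] "GET /css/site.css HTTP/1.1" 200 810
198.51.100.7 - - [07/Oct/2022:10:00:05 +0000] "GET /backup.zip HTTP/1.1" 404 162
198.51.100.7 - - [07/Oct/2022:10:00:06 +0000] "GET /internal-api/keys?v=1 HTTP/1.1" 404 162
192.0.2.44 - - [07/Oct/2022:10:00:09 +0000] "GET /products HTTP/1.1" 200 2048
this line is garbage and must not crash the detector
"""


def parse_line(line: str):
    """Return the log fields as a dict, or None for a line that does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def decoy_alerts(log_text: str) -> dict:
    """Map each source IP that touched a decoy to the decoy paths it requested."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input instead of aborting the whole run
        path = rec["path"].split("?", 1)[0]  # ignore query strings when matching
        if path in DECOY_PATHS:
            hits[rec["ip"]].append(path)
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in decoy_alerts(SAMPLE_LOG).items():
        print(f"ALERT decoy access from {ip}: {', '.join(paths)}")
```

The HTTP status code is deliberately ignored: a decoy that answers 404 is still a decoy, and because decoys carry no legitimate traffic, any hit is a high-confidence signal, which is the property the paragraph's "spot attacks quickly" rests on.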

2.4 Building a Blockchain


If you've been following the headlines around cryptocurrencies, you've probably
heard a little something about blockchain. This technology ensures the legitimacy
of digital currencies like Bitcoin, Ripple, and others. A blockchain is a type of
online ledger that explicitly keeps track of all the data in a programme; in the
context of cryptocurrencies, this information is presented as coins and
transactions. Blockchain, however, offers many more advantages than merely
monitoring Bitcoin. In reality, this type of cyber technology can aid businesses
in thwarting internet assaults. Once a blockchain is formed, it can never be
modified, erased, or changed again: it is written in digital stone. The same
process used, among other things, to generate encrypted languages, namely
sequential hashing combined with cryptography, is used to build a blockchain.
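As an added example (not code from the report), the sequential hashing the paragraph refers to, carried out in Python on a few constructed ledger records: each block's SHA-256 hash covers the previous block's hash, so an edit to an earlier block is caught by verification even when the editor recomputes that block's own hash. The record contents and timestamps are made up.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # previous-hash value carried by the first block

# Constructed sample records (timestamp, payload); not real transactions.
SAMPLE_RECORDS = [
    ("2022-10-07T10:00:00Z", "alice -> bob: 5"),
    ("2022-10-07T10:05:00Z", "bob -> carol: 2"),
    ("2022-10-07T10:09:00Z", "carol -> alice: 1"),
]


def block_hash(index, timestamp, data, previous_hash):
    """SHA-256 over a canonical serialisation of the block's fields. Including
    previous_hash is what chains the blocks: each hash commits to all earlier ones."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp, "data": data, "previous_hash": previous_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def build_chain(records):
    """Turn (timestamp, data) records into a list of hash-linked blocks."""
    chain, prev = [], GENESIS_PREV
    for index, (timestamp, data) in enumerate(records):
        digest = block_hash(index, timestamp, data, prev)
        chain.append({"index": index, "timestamp": timestamp, "data": data,
                      "previous_hash": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position or block["previous_hash"] != prev:
            return position  # link to the predecessor is broken
        recomputed = block_hash(block["index"], block["timestamp"],
                                block["data"], block["previous_hash"])
        if recomputed != block["hash"]:
            return position  # contents no longer match the stored hash
        prev = block["hash"]
    return None


def tamper_demo():
    """Three outcomes: an untouched chain, a silently edited block, and an edited
    block whose own hash was recomputed (the following block still exposes it)."""
    original = build_chain(SAMPLE_RECORDS)

    edited = copy.deepcopy(original)
    edited[1]["data"] = "bob -> carol: 200"

    rehashed = copy.deepcopy(edited)
    b = rehashed[1]
    b["hash"] = block_hash(b["index"], b["timestamp"], b["data"], b["previous_hash"])

    return verify_chain(original), verify_chain(edited), verify_chain(rehashed)


if __name__ == "__main__":
    print(tamper_demo())
```

Verification reports the first block at which the chain breaks: the silent edit fails at block 1 because its hash no longer matches, and the rehashed edit fails at block 2 because block 2 still points at the old hash of block 1. Someone who can rewrite every later block as well would pass this check, which is why the "digital stone" property in real systems comes from the chain being replicated across parties that each verify it, not from the hashing alone.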


3.0 Conclusion
To conclude all of the above, the attack was carefully planned and the victims were
blackmailed until the very end. The government suffered serious damage from this attack due
to data loss and the later declaration of emergency. The group of hackers got away with it
and are still planning other attacks worldwide. Cybersecurity crimes can be avoided if the
appropriate measures are taken, like the IDS explained earlier, which is a preventive
measure; otherwise there are other security controls, like backups of data, which are
corrective controls. That means that they are useful after the incident has happened. If the
government of Costa Rica had had their data backed up, they could have got away with it and
minimized the damage to a significant extent.

4.0 Workload Matrix


Task                                  MD AZMAN RAHMAN FAHIM (TP057341)
Introduction                          100
Proposed security controls strategy   100
Conclusion                            100


5.0 References

1. AP (2021) State-sponsored Chinese hackers targeted Southeast Asian nations: Report,
Business Standard News. Business-Standard. Available at:
https://www.business-standard.com/article/international/state-sponsored-chinese-hackers-targeted-southeast-asian-nations-report-121120900145_1.html
(Accessed: October 7, 2022).

2. Chinese state-sponsored actors exploit publicly known vulnerabilities (no date) National
Security Agency | Cybersecurity Advisory. Available at:
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
(Accessed: October 7, 2022).

3. Preventing Chinese sabotage in a crisis - U.S.-China technological "decoupling": A strategy
and policy framework (2022) Carnegie Endowment for International Peace. Available at:
https://carnegieendowment.org/2022/04/25/preventing-chinese-sabotage-in-crisis-pub-86922
(Accessed: October 7, 2022).
