APT Organization Rattlesnake Attacks China Frequently

Recently, network security researchers discovered that the APT organization SideWinder is "concentrating its firepower" on attacking entities in China such as the government, military industry, national defense, and scientific research universities.

According to the researchers, the APT organization's attack chain mainly uses spear phishing as its intrusion mechanism to infiltrate the victim's network environment, and it impersonates organizations in the news, government, telecommunications and financial sectors to carry out attacks and obtain users' sensitive information.

How did the APT organization "Rattlesnake" complete the attack?

The research found that the attacker used a pre-registered fake domain name and account to send a phishing email containing a malicious shortcut attachment to the target's official mailbox. Alternatively, the attacker uses current hot topics or impersonates officials to send highly deceptive emails, using seemingly virus-free documents as a cover that actually contain malicious programs.

Once the attacker has gained the user's trust and the user clicks on the malicious shortcut, the shortcut invokes a command to execute a remote JavaScript script, which loads a staged malicious program in memory. The malicious program obtains the antivirus software information of the local computer, then drops and opens a non-malicious cover document. In addition, the malicious program downloads subsequent Trojan horse programs to damage the system and steal data.
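As an added example (not from the original article or the researchers), here is a mail-gateway style check in Python for the delivery step described above: it flags attachments that are Windows shortcuts by file header rather than by file name, and lists any URLs embedded in them. The function names, the sample message and the example.invalid addresses are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by a fixed CLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")

def urls_in_shortcut(data):
    """Return URLs stored in the blob as ASCII or UTF-16LE strings."""
    found = [m.group().decode("ascii") for m in URL_ASCII.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)]
    return sorted(set(found))

def scan_message(raw):
    """Flag attachments that are shortcuts by header or by extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        by_magic = data.startswith(LNK_MAGIC)
        if by_magic or name.lower().endswith(".lnk"):
            findings.append({"name": name, "magic": by_magic,
                             "urls": urls_in_shortcut(data)})
    return findings

def build_sample():
    """Constructed sample: a shortcut-shaped blob carrying a misleading name."""
    blob = (LNK_MAGIC + b"\x00" * 56
            + "https://example.invalid/stage.js".encode("utf-16-le") + b"\x00\x00")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(blob, maintype="application",
                       subtype="octet-stream", filename="notice.pdf")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A shortcut attachment that references a remote URL is rarely legitimate in inbound mail, so a finding with a non-empty `urls` list is a reasonable quarantine trigger.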

Hackers will use various means to achieve their goals, so protecting passwords is not as secure as protecting data. The global security community agrees that data encryption can better protect data security. This is because there are many ways to obtain passwords, whereas decrypting a piece of data requires strong computing power, which costs a lot of money and can even take decades.

 


Origin blog.csdn.net/cc18629609212/article/details/130810773