
US firm uncovers Chinese espionage campaign 'OperationCuckooBees'

Reported by:  PTC News Desk  Edited by:  Shgun S -- June 06th 2022 05:51 PM -- Updated: June 06th 2022 05:58 PM

Massachusetts (US), June 6: A global cyber espionage campaign dubbed "OperationCuckooBees," which was targeting manufacturers across North America, Europe and Asia in the Defense, Energy, Aerospace, Biotech and Pharma industries, has been uncovered.


As per the Boston-based company Cybereason, this is one of the largest IP theft campaigns of its kind coming from China. Last month, Cybereason published new research on Operation CuckooBees, a 12-month investigation into Winnti Group's global cyber espionage campaign targeting manufacturers across the globe.

"Operation Cuckoo Bees research is the culmination of a 12-month investigation that highlights the intricate and extensive efforts of the Chinese state-sponsored Winnti Group (APT 41) to abscond with proprietary information from dozens of global organizations. The most alarming revelation is that the companies weren't aware they were breached, going some as far back as at least 2019, giving Winnti free unfiltered access to intellectual property, blueprints, sensitive diagrams and other proprietary data," stated the Cybereason CEO and Co-founder, Lior Div.

During its investigation, Cybereason found that Winnti has been carrying out Operation CuckooBees undetected since at least 2019, syphoning thousands of gigabytes of intellectual property and sensitive proprietary data from dozens of firms. Cybereason released two reports, the first of which examined the overall campaign's tactics and techniques, and the second of which included a detailed analysis of the malware and exploits used.

Based on the forensic artefact analysis, Cybereason estimates with medium-high confidence that the attackers are associated with the notorious Winnti APT group. This group has been active on behalf of Chinese state interests since at least 2010, and it specialises in cyber espionage and intellectual property theft.

A sophisticated and elusive cyber-espionage operation with the purpose of collecting sensitive proprietary information from technology and manufacturing companies primarily in East Asia, Western Europe, and North America was also uncovered. The reports detail a previously unknown malware strain known as DEPLOYLOG employed by the Winnti APT group, as well as new versions of known Winnti malware such as Spyder Loader, PRIVATELOG, and WINNKIT.

"The security vulnerabilities that are most commonly found in campaigns such as Operation CuckooBees are exploited because of unpatched systems, insufficient network segmentation, unmanaged assets, forgotten accounts and lacking multi-factor authentication products. Although these vulnerabilities may seem to be easy to fix, day-to-day security is complex and it's not always easy to implement mitigations at a grand scale. Defenders should follow MITRE and/or similar frameworks to make sure that they have the right visibility, detection and remediation capabilities in place to protect their most critical assets," Div said.



-PTC News

