
Chinese VPN Used by APT Actors Relies on Hacked Servers

  • August 4, 2015

By Eduard Kovacs on August 04, 2015
Researchers at RSA have conducted an in-depth analysis of a Chinese virtual private network (VPN) service that has been used by advanced persistent threat (APT) groups to anonymize and obscure their activities.
Dubbed “Terracotta” by RSA, the commercial VPN service is marketed in China under various brands. The network is often used for anonymity, peer-to-peer (P2P) file sharing and gaming acceleration, and to bypass China’s Great Firewall’s censorship system.
One of the things that caught the attention of researchers is that Terracotta is a malware-supported VPN network. Many of the service’s more than 1,500 VPN nodes are on compromised servers belonging to various organizations from all over the world.
According to researchers, at least 31 of the host systems are hacked Windows servers belonging to a major hotel chain, U.S. government organizations, universities, tech services providers (including government contractors), and various private firms.
RSA believes the operators of Terracotta are targeting Windows servers because they include VPN services that can be easily configured. In all cases, the hijacked servers were Internet-exposed devices that were not protected by hardware firewalls.
 
full article

2 replies

Jasper_The_Rasper
Moderator
Brian Krebs's take on the subject.
 
4th August 2015
 
Hardly a week goes by without a news story about state-sponsored Chinese cyberspies breaking into Fortune 500 companies to steal intellectual property, personal data and other invaluable assets. Now, researchers say they’ve unearthed evidence that some of the same Chinese hackers also have been selling access to compromised computers within those companies to help perpetuate future breaches.
The so-called “Great Firewall of China” is an effort by the Chinese government to block citizens from accessing specific content and Web sites that the government has deemed objectionable. Consequently, many Chinese seek to evade such censorship by turning to virtual private network or “VPN” services that allow users to tunnel their Internet connections to locations beyond the control of the Great Firewall.
http://krebsonsecurity.com/wp-content/uploads/2015/08/terracottavpn-580x239.png
 
Full Article
 
 

  • Author
  • Community Guide
  • August 4, 2015

The Terracotta commercial VPN, marketed in China under a number of different brand names, uses hacked servers to power its network

By Maria Korolov
 
LAS VEGAS - The Terracotta commercial VPN, marketed in China under a number of different brand names, uses hacked servers to power its network -- and the network has become popular with advanced persistent threat groups, according to research released today by RSA Security.
"We don't usually see commercial networks hacking into servers," said Peter Beardmore, RSA's senior consultant for threat intelligence marketing.
Terracotta also stands out because it keeps adding new IP addresses and not publishing the data, he added. This is one of the things that makes it popular with cybercriminals. "Most commercial VPN services publish their IP addresses," Beardmore said. "And enterprises and governments can restrict access from those IP addresses."
 
full article