Chinese Hacking Group ‘Comment Crew’ Remains Active and Under the Radar
In recent developments, cybersecurity experts have confirmed that the notorious Chinese hacking collective known as Comment Crew continues to operate covertly. Observations within the intelligence community suggest that this group has resurfaced, raising suspicions of their involvement in escalating cyber tensions between the United States and China.
To place this in context, a report released by Mandiant in February 2013 documented an extensive cyber espionage campaign it designated APT1. The investigation attributed APT1 to a Chinese military unit designated “61398,” which was implicated in the compromise of 141 organizations over a span of approximately seven years. The report not only highlighted the scale of these intrusions but also identified recurring patterns in the group’s tactics, techniques, and procedures. Such findings have improved the ability of security professionals to recognize key indicators of ongoing Advanced Persistent Threat (APT) activity.
Mandiant’s monitoring efforts have documented the operations of Comment Crew in detail, illuminating methodologies that may be related to the current geopolitical cyber conflicts. Other firms, such as FireEye, share similar concerns about the group’s tactical activity, underscoring a pattern of persistent threats consistent with broader APT behavior.
Targets of these attacks have notably spanned a range of sectors, from technology to defense, reflecting a strategic interest that aligns with national objectives. The group’s tactics, mapped to the MITRE ATT&CK framework, indicate the use of several techniques across the various stages of its operations. Likely methods of initial access include spear phishing or the exploitation of vulnerabilities, followed by persistence techniques that allow the group to maintain access and collect intelligence over time.
Such tactics may also extend to privilege escalation, enabling the attackers to expand their foothold within compromised networks and extract valuable proprietary data. Consequently, organizations must remain vigilant, continuously updating their security posture to counter these persistent threats.
In summary, the ongoing activities of Comment Crew highlight the critical importance of robust cybersecurity measures, given the potential for sophisticated attacks that leverage established adversarial techniques. Business owners and technology leaders are urged to stay informed and proactive in their defense strategies against the ever-evolving landscape of cyber threats.