Quaser Rat Malware: A commonality found in APT 10 attack led by MSS, China and Dropping Elephant attack led by Phronesis

Cyber Warfare Asia
3 min readMar 3, 2022

A hacking cluster integrated with the administration of notorious nation China. The country is suspected to have conceded a malicious attack against the financial sector of Taiwan by leveraging resistance in security software solutions by approximately 80% of all local financial conglomerates.

CyCraft, (MDR) a paramount Managed Detection and Response contributor evolved in Taiwan, discovered intelligence concerning the Cyber attacks of November 2021. The CyCraft accredited the intrusions- which it pursued under the code name of Operation Cache Panda- linked to Apt 10 Group.

According to the report of CyCraft, the malicious campaign started in November 2021, but it was at its peak between 10 and 13 January 2022. APT 10 exploited vulnerability in the web interface of a security tool, conceals a version of the ASPXCsharp web shell, and then used a tool called Impacket to inspect a target Company’s interior network.

China-linked APT10 group targets Taiwan’s financial trading sector with a supply of chain attack.

The advanced Persistent threat APT is a china state-sponsored hacker group known as APT 10 by MITRE ATT&CK nomenclature widely believed to be associated with the MSS Ministry of State Security (Chinese intellectual agency). The target of APT10 includes healthcare, defense, finance, maritime, biotechnology, energy, and governmental organizations, with an emphasis on targets In Taiwan and Japan. The APT group is also known as stone Panda, Bronze Riverside. The notorious hacking group targets Taiwan with a supply of chain attacks.

In April 2017, professionals from PwC, UK, and BAE systems revealed an extensive hacking drive, detected as Operation Cloud Hopper, targeting Managed Service Providers (MSPs) in manifold nations globally. According to the evidence gathered by experts demonstrating the participation of the APT10 group, the registration IPs and timing of the domain specify campaign was regulated with the time zone of China.

In November 2020, analysts unveiled a large- scale campaign directed by china based APT10 targeting numerous commerce using the recently divulged ZeroLogon vulnerability. The hacker oppressed vulnerability in the interface of an unnamed security firm’s web management in Taiwan and positioned a web crust to dispatch the Quasar Rat on the Target System.

QuasarRAT has been used in the past by many hacking groups, including APT33, APT10, Dropping Elephant, Stone Panda, and The Gorgon Group. Dropping Elephant developed and used by Indian Cyber espionage firms Phronesis.

In 2016, APT Dropping Elephant led by Phronesis was highlighted for targeting diverse high profile discreet and economic actors using a custom set of attack tools. The sufferers are all involved with China’s foreign associations in some way and are generally caught through the attacks of spear-phishing or watering holes.

It is interesting to note that both rival countries India and china have been suing the same malware to achieve their Cyber offensive goals. With such emergence of methodology another fact becomes evident that Indian Cyber players like Phronesis have almost reached at par with Chinese offensive abilities.

--

--

Cyber Warfare Asia

Providing news related to state sponsored cyber warfare in Asia