Written by 11:12 AM Tech

“Chinese-affiliated hacker group secretly controls over 2,000 systems worldwide… 457 in Korea”

▲ AhnLab and the National Cyber Security Center APT Group Tracking Report

AhnLab and the National Cyber Security Center (NCSC) of the National Intelligence Service released a report today (23rd) on the joint tracking and analysis of the cyber activities of an APT (Advanced Persistent Threat) group called ‘TA ShadowCricket,’ suspected to be associated with China.

ShadowCricket is believed to have started its activities in 2012, infiltrating systems through the remote access functions of exposed Windows servers or through database access. It has reportedly been controlling over 2,000 infected systems worldwide.

The report highlighted that, unlike typical hacking operations that involve monetary demands or information leakage, this group maintains long-term, covert control over systems without engaging in such activities.

The group infiltrates by brute-forcing passwords, then installs backdoor malware to control the system remotely, embedding it within legitimate executable files so that users do not become suspicious.

AhnLab and NCSC confirmed that more than 2,000 compromised systems were connected to the group’s servers, including critical systems in operation, which could be used for further attacks like Distributed Denial of Service (DDoS) if necessary.

By country, there were 895 affected systems in China, 457 in South Korea, 98 in India, 94 in Vietnam, 44 in Taiwan, 38 in Germany, 37 in Indonesia, 31 in Thailand, and 25 in the United States.

To prevent damage, users are advised to update their Windows operating systems to the latest version and ensure external access settings are properly secured. Passwords should be complex, and multi-factor authentication should be applied where possible.

(Photo provided by AhnLab, Yonhap News)
