An advanced persistent threat (APT) group known as Cicada or APT10 has widened its targeting: having initially attacked only Japanese enterprises, it now hits organisations in a wide range of new countries in order to conduct more widespread espionage attacks.
The Chinese-speaking Cicada APT group is also known by other names, such as Stone Panda, MenuPass Team, Potassium, and Bronze Riverside, and is believed to have begun its operations in mid-2021.
Security researchers indicated that the group’s espionage campaign victims include government bodies, NGOs, and religious and legal organisations from countries in Asia, North America, and Europe. They also noted that the threat actors focus strongly on these sectors, particularly education and religion.
Aside from Japan, the initially targeted country, the Cicada APT group has added targets in the US, Canada, Italy, Montenegro, Hong Kong, Israel, Turkey, and India to its list.
The APT group launched info-stealing payloads against victims in Japan in March this year, which security experts immediately investigated. Furthermore, a supply chain attack was also found last February, in which financial firms in Taiwan were targeted for compromise.
These newly observed cyber-attacks by APT10 show that the operators infiltrate victims’ systems through an unpatched vulnerability in MS Exchange servers, where they deploy a backdoor to commence the attack.
One of the backdoors used by the Cicada APT group is the SodaMaster RAT, which can retrieve additional payloads and exfiltrate stolen data back to a C2 server. The additional payloads the threat group uses during an intrusion include Mimikatz, an open-source tool with a credential dumping feature; VLC Media Player, used to launch a custom loader; WMIExec for remote code execution (RCE); and NBTScan for internal reconnaissance.
Experts conclude that their observations of the APT group reveal its growing interest in attacking a wider range of victims for its espionage campaigns, as shown by the numerous impacted sectors detected across countries worldwide.