
Black Hat 2015: Attackers use commercial Terracotta VPN to launch attacks

Tim Greene | Aug. 5, 2015

RSA researchers have discovered a China-based VPN network dubbed Terracotta that is used extensively to launch advanced persistent threat (APT) attacks and that hijacks servers of unsuspecting organizations in order to add new nodes to its network.

All of the servers that were taken over sat outside hardware firewalls, and none of them had Windows Firewall running. The attackers also found machines that were peripheral to companies' main lines of business and weren't as well protected as other resources. For example, a large hotel chain had servers in its development system compromised because they weren't part of the chain's regular monitoring program and IT wasn't paying a lot of attention to them, he says.

RSA attributes much of the malicious activity running over Terracotta to groups in China that can be identified by the common tactics they use to plant advanced persistent threats. He says it's the first time he's seen these particular groups, including the one known as Shell Crew/Deep Panda, paying to use a commercially available VPN as a delivery mechanism for their malware.

 
