A hacker group allegedly sponsored by the Chinese government has attacked a large number of companies around the world. The group, called Cicada, is said to be targeting the data stored on the companies’ servers.
In a blog post, security company Symantec writes that various digital fingerprints show that the group responsible for the hacks is Cicada, also known as APT10, Stone Panda or Cloud Hopper. The group has been linked to espionage actions since 2009 and, according to the US government, is sponsored by the Chinese government.
To break into companies’ systems, the group exploits the ZeroLogon vulnerability in Windows (CVE-2020-1472). This allows attackers to pretend to be a domain controller and take over an infected computer. Microsoft released a patch for the vulnerability in August, but many companies have not installed it yet.
The group appears to aim mostly at Japanese companies or companies with a link to Japan. The focus seems to be mainly on automotive companies, but other industries also fall victim to the hacks, including clothing, conglomerates, electronics, engineering, general trade, government, industrial products, managed service providers, manufacturing, the pharmaceutical industry and professional services.
Symantec warns companies with a link to Japan to be aware that they may be targeted by this sophisticated hacker group.