A cyber attack on Japanese companies and their subsidiaries lasted for almost a year, from mid-October 2019 to the beginning of October 2020. The large-scale operation is said to have primarily served for espionage purposes and targeted companies in 17 different countries.

Symantec’s “Threat Hunter Team” discovered the attack on some customers and attributes it to the Cicada hacker group, also known as APT 10, Stone Panda and Cloud Hopper. The group should be active since 2009. The US government has put APT 10 in connection with the Chinese government, which is why Symantec assumes that there is a connection to Beijing in this case as well. Targeting Japanese companies Cicada is known to primarily target Japanese companies. Symantec does not see a direct connection between the victims, the similarities amount to the type of attack and the techniques used. For example, the hackers exploited the ZeroLogon vulnerability, which was only closed in August 2020. Otherwise, they mainly used DLL sideloading to load malware onto the systems. Most recently, they built in “QuasarRAT”, an open source back door that Cicada had already used in the past. Methods for obfuscating activities would also correspond to the well-known procedures of Cicada.

The companies are primarily active in the automotive sector, both in production and as suppliers. But companies from the electronics, clothing and pharmaceutical industries are also affected. Symantec points out that managed service providers were also among the victims. The attackers were able to access other customer systems through their networks. The time that the intruders spent in the respective systems varied greatly: While some companies were spied on over a long period of time, others were only briefly or sporadically targeted by the attackers.

The companies concerned are in the US, Mexico, UK, France, Belgium, Germany, the United Arab Emirates, India, China, Hong Kong, Thailand, Singapore, Vietnam, the Philippines, Taiwan, South Korea and Japan. Symantec does not provide any further information about the company. (cbo)