About this report

This report summarizes targeted attacks (cyber espionage) against Japanese organizations observed in the first half of 2019 (April to September): the industries in which the attacks were observed, the characteristics of the attack groups' methods, detection and mitigation measures against the threats, and indicators of detection.

It describes new attack methods and how to detect those threats, focusing on incidents believed to have involved attack groups using highly stealthy remote-control malware (RAT).

We hope you will find it useful when considering security measures for Japanese companies.

Industries and trends where attacks were observed

During the first half of 2019, attacks on media organizations stood out. We attribute the attacks on media organizations to the DarkHotel attack group, and we also observed attacks on defense-related organizations believed to have been carried out by the same group. Our current analysis is that this activity may have increased slightly in connection with the situation between Japan and South Korea. After that, many attacks on chemical and telecommunications organizations were observed, which we attribute to the Tick attack group. Specific targets included 5G-related manufacturers in telecommunications and manufacturers of high-tech materials, such as those for semiconductors, in chemicals. We attribute the attack activity targeting research-related, semiconductor, and critical infrastructure organizations to the BlackTech attack group. Last year's observations showed a different target profile from previous years, with activity targeting marine technology and heavy industry companies. Attacks by the BlackTech attack group have been observed across a wide range of industries, and domestic organizations need to remain vigilant.

Attack timeline and attack summary

Below is a table of attack group activity by month from April to September. The BlackTech and Tick threat groups exhibited continued attack activity following successful intrusions. In addition, the Tick attack group has continued its activities targeting the manufacturing industry since last fiscal year.

timeline chart

“Actual state of targeted attacks and countermeasure approaches -Trends of cyber espionage targeting Japan-” Table of contents

  • Introduction
  • Industries and trends where attacks were observed
  • Attack timeline and attack summary
    • April 2019 (Media)
    • May 2019 (Research related, Communication)
    • July 2019 (Media, Chemistry, Semiconductor)
    • August 2019 (Critical Infrastructure)
  • Attack timeline and attack summary
    • DarkHotel
    • BlackTech (recent changes in TTPs)
    • Tick
  • TTPs (tactics, techniques, procedures) by attack group
  • Threat Detection and Mitigation Considered from TTPs
    • Malware Delivery
    • About attack
    • RAT to be installed, remote control (about C&C)
  • Indicator of detection