A group of attackers has launched a malicious campaign targeting non-governmental organizations and other groups in Myanmar, UK-based cybersecurity firm Sophos said on Wednesday. Local cybersecurity practitioners, however, believe the attackers to be mostly Burmese “amateur groups.”
Sophos said that given the targets and characteristics of the malware, the attackers could be a Chinese APT (advanced persistent threat) group. “The actors used several plaintext strings written in poor English with politically inspired messages in their samples,” the firm said. Some of the strings read “Hapenexx is very bad,” “Happiness is a way station between too much and too little,” and “HELLO_USA_PRISIDENT.”
“The only attackers that would include this type of nonsensical political messages are amateur groups from Myanmar,” said Lynn Htun, a local cybersecurity practitioner. “These groups basically copied Chinese malware, inserted the political messages, and sent them to targeted NGOs.” Lynn Htun believes the attacks are timed to coincide with the upcoming elections.
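The plaintext strings quoted above are the kind of marker an analyst can pivot on when triaging samples. The following is an added example, not code from Sophos or from the article: it scans a binary blob for the three quoted strings in both ASCII and UTF-16LE (Windows binaries often carry wide strings, which an ASCII-only `strings` pass misses) and reports the encoding and offset of each hit. The sample bytes are constructed for the demonstration and are not a real KillSomeOne file; the marker list contains only the strings the article itself quotes.

```python
"""Triage scan for the plaintext marker strings quoted in the Sophos report.

Added example; the strings come from the article, the sample blob is constructed.
"""
import re
import sys

# Strings the article quotes from the samples (article text, not an exhaustive IOC list).
MARKER_STRINGS = [
    "Hapenexx is very bad",
    "Happiness is a way station between too much and too little",
    "HELLO_USA_PRISIDENT",
]

# Assumption: the strings may be stored either as narrow (ASCII) or wide (UTF-16LE)
# text, so both encodings are compiled into literal byte patterns.
ENCODINGS = ("ascii", "utf-16-le")


def _compile_patterns():
    """Build (string, encoding, compiled regex) triples for every marker/encoding pair."""
    patterns = []
    for text in MARKER_STRINGS:
        for enc in ENCODINGS:
            patterns.append((text, enc, re.compile(re.escape(text.encode(enc)))))
    return patterns


_PATTERNS = _compile_patterns()


def find_markers(data: bytes):
    """Return a list of (string, encoding, offset) for every marker found in data,
    sorted by offset. An empty list means no quoted marker is present."""
    hits = []
    for text, enc, pattern in _PATTERNS:
        for match in pattern.finditer(data):
            hits.append((text, enc, match.start()))
    return sorted(hits, key=lambda hit: hit[2])


def triage(data: bytes) -> dict:
    """Summarise a blob: flagged if any marker string is present, plus the hits."""
    hits = find_markers(data)
    return {"suspicious": bool(hits), "hits": hits}


def scan_file(path: str) -> dict:
    """Read a file from disk and triage it (helper for command-line use)."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed sample: a fake DOS/PE header, padding, one ASCII marker and one
# UTF-16LE marker. Offsets: header 64 + 4 + 16 = 84 bytes before the first marker.
SAMPLE = (
    b"MZ" + b"\x00" * 62           # 64-byte fake DOS header
    + b"PE\x00\x00"                # PE signature
    + b"\x90" * 16                 # padding
    + b"Hapenexx is very bad\x00"  # narrow string at offset 84
    + b"\xcc" * 8                  # padding
    + "HELLO_USA_PRISIDENT".encode("utf-16-le") + b"\x00\x00"  # wide string at 113
)

if __name__ == "__main__":
    target = scan_file(sys.argv[1]) if len(sys.argv) > 1 else triage(SAMPLE)
    for text, enc, offset in target["hits"]:
        print(f"0x{offset:08x} {enc:10s} {text}")
    print("suspicious" if target["suspicious"] else "no marker strings found")
```

Run it without arguments to scan the constructed sample, or pass a file path to scan a real binary. A hit is a triage signal, not attribution: the article's own point is that such strings can be copied into borrowed malware by anyone, so a match should prompt a closer look at the sample rather than a conclusion about who built it.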
The attackers used the “KillSomeOne” loader, which lets them install further malware on a compromised machine. Sophos said that the perpetrators displayed differing expertise and capabilities. “Some of them are highly skilled, while others don’t have skills that exceed the level of average cybercriminals,” the firm added.
“These groups are by no means professional hackers, nor do they have any real experience,” said Lynn Htun. “They are more enthusiasts learning from Google and security blogs, targeting low-hanging fruit.”
He said the attacks will mostly result in “defacement” of the targeted sites, changing their visual appearance and damaging the reputation or brand image of the organizations or companies. Personal or business data may also be captured as part of the exercise.
He does not believe the attacks are sophisticated enough to reach deeper into the network infrastructure. Similar attacks might occur as the November 8 general elections approach.
“The very basic thing businesses can do to protect their websites, infrastructure, and digital assets is to regularly conduct vulnerability assessments (VAPT), and also review their security configurations and policies to address the rising threats,” Lynn Htun suggested.