Delaware, USA – November 8, 2017 – ChessMaster is a cyber espionage campaign that has been conducted for several months against organizations mainly located in Japan. Trend Micro links this campaign to the APT 10 group, also known as Stone Panda. The attackers use a wide range of backdoors and Trojans, and the number of tools and techniques they use continues to grow. Recently, the researchers recorded a new surge in ChessMaster activity that uses a new backdoor and exploits the CVE-2017-8759 vulnerability. This vulnerability in the .NET Framework allows adversaries to execute code by means of a document that exploits it. When the victim opens the document, it connects to a remote server and executes a JScript backdoor that collects information about the system. After that, the backdoor communicates with another server and loads the Anel backdoor, which is signed with an invalid Microsoft signature as an additional measure to avoid detection by antivirus solutions. After analyzing the backdoor code, the researchers concluded that this is not yet the final version and that the attackers continue to work on it, adding new features.
Adversaries can carry out their malicious activities for months and remain undetected. To uncover this kind of attack, you can use the APT Framework use case, which enables your SIEM to correlate suspicious events and identify compromised assets.