• About
  • Advertise
  • Careers
  • Contact Us
Saturday, June 28, 2025
  • Login
No Result
View All Result
NEWSLETTER
Tech | Business | Economy
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Home Business Security

How APT Group Uses ShadowPad Backdoor and MS Exchange Vulnerability to attack Companies

by Techeconomy
June 28, 2022
in Security
0
UBA
Advertisements

In mid-October 2021, Kaspersky ICS CERT discovered a previously unknown Chinese-speaking threat actor attacking telecommunications, manufacturing, and transport organisations in several Asian countries.

During the initial attacks, the group exploited MS Exchange vulnerability to deploy ShadowPad malware and infiltrated building automation systems of one of the victims.

A building automation system (BAS) connects all the functions inside the building – from electricity and heating to fire and security – and is managed from one control center.

Once a BAS is compromised, all processes within that organisation are at risk, including those relating to information security.

The experts at Kaspersky ICS CERT witnessed attacks on organisations in Pakistan, Afghanistan, and Malaysia in industrial and telecommunications sector.

The attacks had a unique set of tactics, techniques, and procedures (TTPs), which led the experts to believe that the same Chinese-speaking threat actor was behind all of these observed attacks.

Their attention was particularly drawn to the actor’s use of engineering computers in building automation systems, belonging to the companies’ infrastructures, as the point of infiltration – that is unusual for APT groups.

By taking control over those systems, the attacker can reach other, even more sensitive systems of the attacked organisation.

As the investigation showed, the main tool of the APT group is ShadowPad backdoor. Kaspersky has been witnessing this malware being used by various Chinese-speaking APT actors.

During the attacks of the observed actor, the ShadowPad backdoor was downloaded onto the attacked computers under the guise of legitimate software.

In many cases the attacking group exploited a known vulnerability in MS Exchange, and entered the commands manually, that indicates the highly targeted nature of their campaigns.

“The building automation systems are rare targets for advanced threat actors. However, those systems can be a valuable source of highly confidential information and may provide the attackers with a backdoor to other, more secured, areas of infrastructures. Since these attacks develop extremely rapidly, they must be detected and mitigated during their very early stages. Thus, our advice is to constantly monitor the mentioned systems, especially in critical sectors,” comments Kirill Kruglov, security expert at Kaspersky ICS CERT.  

Learn more about the attacks through building automation systems on Kaspersky’s ICS CERT website.

To keep your OT computers protected from various threats, Kaspersky experts recommend:

· Regularly updating operating systems and any application software that are part of the enterprise’s network. Apply security fixes and patches to OT network equipment as soon as they are available.

· Conducting regular security audits of OT systems to identify and eliminate possible vulnerabilities.

· Using OT network traffic monitoring, analysis and detection solutions for better protection from attacks that potentially threaten OT systems and main enterprise assets.

· Providing dedicated OT security training for IT security teams and OT engineers. This is crucial to improve response to new and advanced malicious techniques.

· Providing the security team responsible for protecting industrial control systems with up-to-date threat intelligence. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and how to mitigate them.

· Using security solutions for OT endpoints and networks such as Kaspersky Industrial CyberSecurity to ensure comprehensive protection for all critical systems.

· Protect the IT infrastructure. Integrated Endpoint Security protects corporate endpoints and enables automated threat detection and response capabilities.

Loading

Advertisements
MTN ADS

Author

  • Techeconomy
    Techeconomy

    View all posts
0Shares
Tags: building automation systemKaspersky ICS CERTMS Exchange vulnerabilityShadowPad malware
Techeconomy

Techeconomy

Next Post

Build Your Brand with HUAWEI Ads

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended

Ajibola Olude, Top 50 Digital Economy Enabler (1)

Ajibola Olude named Among Nigeria Top 50 Digital Enablers

2 years ago

Fraudsters Launch Phishing Attacks on Universities

3 years ago

Popular News

    Connect with us

    • About
    • Advertise
    • Careers
    • Contact Us

    © 2025 TECHECONOMY.

    No Result
    View All Result
    • News
    • Tech
      • DisruptiveTECH
      • ConsumerTech
      • How To
      • TechTAINMENT
    • Business
      • Telecoms
      • Mobility
      • Environment
      • Travel
      • StartUPs
        • Chidiverse
      • TE Insights
      • Security
    • Partners
    • Economy
      • Finance
      • Fintech
      • Digital Assets
      • Personal Finance
      • Insurance
    • Features
      • IndustryINFLUENCERS
      • Guest Writer
      • EventDIARY
      • Editorial
      • Appointment
    • TECHECONOMY TV
    • Apply
    • TBS
    • BusinesSENSE For SMEs

    © 2025 TECHECONOMY.

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    Translate »
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.