OPERATION HARVEST MALWARE OUT TO STEAL AMERICAN IP AND MILITARY SECRETS, SAYS MCAFEE

Security software company McAfee announced on 14 September 2021 findings that a “long-term” malware operation was likely aimed at stealing intellectual property, military intelligence and more.
In a deep-dive analysis, the company posted its findings on Operation “Harvest.” Among the conclusions:
“From what we observed, the adversary had a long-term intention to stay present in the victim’s network. With high confidence, we believe that the adversary was interested in stealing proprietary intelligence that could be used for military or intellectual property/manufacturing purposes.
“The adversary used several techniques to exfiltrate the data. In some cases, batch (.bat) scripts were created to gather information from certain network shares/folders and use the ‘rar’ tool to compress them to a certain size…”
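The staging pattern McAfee describes above (a batch script collecting files from network shares and running rar to produce fixed-size volumes) is something a defender can hunt for in process-creation telemetry. The following is an added example, not McAfee’s code or tooling: it scores each rar invocation on the traits the report mentions (volume splitting, a network-share source, launch from a .bat file) plus two common companions (a password flag and a rar binary living outside Program Files). The event records, their field names and the threshold are all constructed assumptions for illustration.

```python
"""Hunt for rar-based exfiltration staging in process-creation events.

Added example; not McAfee's code. The events below are constructed to
resemble Windows process-creation telemetry (Sysmon Event ID 1 / 4688);
the field names "parent_cmdline", "image" and "cmdline" are assumptions.
"""
import re
from pathlib import PureWindowsPath

RAR_IMAGES = {"rar.exe", "winrar.exe"}
VOLUME_FLAG = re.compile(r"^-v\d+[kmgb]?$", re.IGNORECASE)   # -v100m, -v500k: split into volumes
PASSWORD_FLAG = re.compile(r"^-h?p.+$", re.IGNORECASE)      # -pX encrypts data, -hpX also headers
UNC_PATH = re.compile(r"^\\\\[^\\]+\\[^\\]+")                # \\server\share\...

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # benign: user backing up a local folder with the installed WinRAR
        "parent_cmdline": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\WinRAR\Rar.exe",
        "cmdline": r"Rar.exe a backup.rar C:\Users\alice\Documents",
    },
    {   # suspicious: batch script, dropped rar.exe, 100 MB volumes, password, share source
        "parent_cmdline": r"cmd.exe /c C:\ProgramData\collect.bat",
        "image": r"C:\ProgramData\rar.exe",
        "cmdline": r"rar.exe a -v100m -hpSecret -r C:\ProgramData\out\eng.rar \\fileserver01\engineering\designs",
    },
    {   # irrelevant: a different archiver
        "parent_cmdline": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\7-Zip\7z.exe",
        "cmdline": r"7z.exe a logs.7z C:\logs",
    },
    {   # borderline: admin splitting a local archive from the installed WinRAR
        "parent_cmdline": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\WinRAR\Rar.exe",
        "cmdline": r"Rar.exe a -v4g iso.rar D:\images",
    },
]


def score_event(ev):
    """Return the list of suspicious traits for a rar invocation, or None if not rar."""
    image = PureWindowsPath(ev["image"]).name.lower()
    if image not in RAR_IMAGES:
        return None
    # Plain whitespace split is enough for these switches; quoted paths with
    # spaces would need a real Windows command-line tokenizer.
    args = ev["cmdline"].split()
    reasons = []
    if any(VOLUME_FLAG.match(a) for a in args):
        reasons.append("archive split into fixed-size volumes (-v)")
    if any(PASSWORD_FLAG.match(a) for a in args):
        reasons.append("password-protected archive (-p/-hp)")
    if any(UNC_PATH.match(a) for a in args):
        reasons.append("source is a network share (UNC path)")
    if ".bat" in ev["parent_cmdline"].lower():
        reasons.append("launched from a batch script")
    if not ev["image"].lower().startswith(r"c:\program files"):
        reasons.append("rar binary outside Program Files")
    return reasons


def find_staging(events, threshold=3):
    """Return (cmdline, reasons) for events scoring at or above the threshold."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons and len(reasons) >= threshold:
            hits.append((ev["cmdline"], reasons))
    return hits


if __name__ == "__main__":
    for cmdline, reasons in find_staging(SAMPLE_EVENTS):
        print(cmdline)
        for r in reasons:
            print("  -", r)
```

The threshold is deliberately above one: volume splitting alone is normal for backups and ISO transfers, so a single trait is a lead, not an alert. What makes the staging case stand out is the combination, and the reasons list gives the responder the facts to pivot on (the share name, the output directory, the batch script).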
According to McAfee, the intrusion began with the attackers establishing a presence on a web server, which they then used to gather information and escalate privileges inside the targeted networks.
The attackers combined several tools and pieces of malware, some of them open source, including the privilege-escalation tool “Bad Potato.” Another piece of malware, “PlugX,” was identified as the backdoor planted on Windows machines. The Winnti malware family was also involved.
Who Did it?
The McAfee analysis also posed the question of who did it, calling it the million-dollar question. Given the value of the IP and military secrets involved, it may be closer to a trillion-dollar question.
After acknowledging that attribution is not the security company’s main focus, McAfee explained:
“What we do care about is that if we learn about these techniques during an investigation, can we map them out and support our IR team on the ground, or a customer’s IR team, with the knowledge that can help determine which phase of the attack the evidence is pointing to and based on historical data and intelligence, assist in blocking the next phase and discover more evidence?”
McAfee’s deep-dive analysis then walked through how it profiled the remote actors behind Operation Harvest. The working-hours evidence pointed to operators in Beijing, China:
“The identified C2 server was 185.161.211.97 TCP/80.
“Timeline of Events
“When analyzing the timestamps from this investigation, like we did for operation Harvest, we came to the below overview:

“Figure 14 Beijing working hours case 2019/2020
“Again, we observed that the adversary was operating Monday to Friday during office hours in the Beijing time-zone.”
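The working-hours profiling McAfee relies on above is a simple, repeatable analysis: take the UTC timestamps of attacker actions, shift them into a candidate time zone, and see how much of the activity lands in a Monday-to-Friday office window. The following is an added example, not McAfee’s code. It goes one step further than the text by trying every whole-hour UTC offset and reporting the one that best explains the activity, so the analyst does not have to guess Beijing up front. The timestamps, the 09:00-18:00 office window and the whole-hour offset range are constructed assumptions; Beijing is UTC+8 all year with no daylight saving, so a fixed offset is exact for that case.

```python
"""Profile attacker activity by local working hours across candidate time zones.

Added example; not McAfee's code. The timestamps below are constructed;
a real run would feed file-modification times, C2 sessions or logon events.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed local office window, half-open: 09:00 <= t < 18:00, Monday to Friday.
OFFICE_START, OFFICE_END = 9, 18
WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")

# Constructed sample: UTC timestamps of attacker actions (tool drops, C2 sessions).
SAMPLE_UTC = [
    "2020-03-02T01:15:00Z",  # Mon 09:15 at UTC+8
    "2020-03-02T03:40:00Z",  # Mon 11:40
    "2020-03-03T06:05:00Z",  # Tue 14:05
    "2020-03-04T02:30:00Z",  # Wed 10:30
    "2020-03-05T08:50:00Z",  # Thu 16:50
    "2020-03-06T09:20:00Z",  # Fri 17:20
    "2020-03-06T13:10:00Z",  # Fri 21:10, outside the window
    "2020-03-07T04:00:00Z",  # Sat 12:00, weekend
]


def parse_utc(ts):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_office_hours(local):
    """True if a local datetime falls in the assumed Mon-Fri office window."""
    return local.weekday() < 5 and OFFICE_START <= local.hour < OFFICE_END


def profile(timestamps, utc_offset_hours):
    """Shift events into a candidate zone and summarise when they happen."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    by_day, by_hour, hits = Counter(), Counter(), 0
    for ts in timestamps:
        local = parse_utc(ts).astimezone(tz)
        by_day[WEEKDAYS[local.weekday()]] += 1
        by_hour[local.hour] += 1
        hits += in_office_hours(local)
    return {
        "offset": utc_offset_hours,
        "by_day": by_day,
        "by_hour": by_hour,
        "office_share": hits / len(timestamps),
    }


def best_offset(timestamps):
    """Return the profile for the whole-hour UTC offset whose office window
    explains the largest share of activity (first one wins on ties)."""
    return max(
        (profile(timestamps, off) for off in range(-12, 15)),
        key=lambda p: p["office_share"],
    )


if __name__ == "__main__":
    p = best_offset(SAMPLE_UTC)
    print(f"best fit: UTC{p['offset']:+d}, {p['office_share']:.0%} of activity in office hours")
    for day in WEEKDAYS:
        print(f"  {day}: {'#' * p['by_day'][day]}")
```

Two caveats apply in practice. The method only works on timestamps the attacker controls by acting, not on ones they can forge (for example compile timestamps in dropped binaries, which are trivially set to anything). And a clean Monday-to-Friday, nine-to-six fit for a zone is consistent with a salaried operation in that zone, not proof of it: neighbouring offsets will score nearly as well, and an operator who keeps odd hours or works for a customer elsewhere breaks the assumption.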
The Trends Journal has previously reported on the staggering scale of China’s theft of American intellectual property, as well as various forms of infiltration into every aspect of American society.
Some touchstone articles include “AMERICA DRIFTS TOWARD CHINA’S ‘TECHNO-AUTOCRACY’” (9 Feb 2021), and “CHINA BUSINESS ESPIONAGE NETS $500 BILLION A YEAR” (29 Jun 2021).
