Tuesday, December 6, 2022





Cybersecurity coverage tends to focus on malware campaigns, the latest zero-day exploits and data breaches. Yet the quiet, long-running intrusions that never make headlines can be far more expensive than the attention-grabbing attacks.

Researchers attributed the attack to Winnti, a Chinese state-aligned APT group (also tracked as APT41).

The team released two reports: one examining the attackers' tactics and techniques, and a more detailed companion report on the malware arsenal and the exploits used.

What is Operation CuckooBees?

Operation CuckooBees is the name Cybereason gave to its investigation of a years-long cyber-espionage campaign aimed at stealing intellectual property. The attackers targeted technology and manufacturing companies and took trade secrets, blueprints, diagrams, formulas, software code and other proprietary manufacturing data.

The theft was not limited to intellectual property. The attackers also collected information useful for follow-on intrusions, such as details of business units, network architecture, user accounts and credentials, employee e-mail and customer data.

The investigation is ongoing. It attributes the campaign to Winnti, a group assessed to operate on behalf of Chinese state interests, and companies that suspect they were affected are encouraged to investigate and report the intrusion.

Inside Operation CuckooBees

Cybereason's incident response team uncovered a sophisticated cyber-espionage campaign that had been attacking technology and manufacturing companies since at least 2019 without being detected. Over several years the attackers exfiltrated hundreds of gigabytes of information.

The stolen data went beyond intellectual property: it included company details and employee information that would let the attackers re-enter the network, or target related organisations, more efficiently in future. Cybereason assesses that the intrusions behind Operation CuckooBees were carried out by a well-resourced and highly skilled group.

Key findings from Operation CuckooBees

Cybereason attributes the attack with medium-high confidence to the Winnti APT group.

The attackers abused the Windows Common Log File System (CLFS) to hide their payloads. CLFS log files use an undocumented binary format and are rarely inspected, so a payload stored inside a CLFS log record is effectively invisible to ordinary file-based scanning; NTFS transaction manipulation was used to the same end.

Cybereason's reports describe how the pieces of this attack are intertwined to create a "house of cards" that is difficult to dismantle: each component depends on the others, so no single piece can be analysed or removed in isolation. The main components:

Spyder (Spyder Loader): a sophisticated modular backdoor.

STASHLOG: stashes the payload in CLFS log files to bypass detection.

PRIVATELOG: extracts and deploys DEPLOYLOG.

DEPLOYLOG: deploys the WINNKIT kernel-level rootkit.
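The CLFS stashing technique is worth pairing with a detection heuristic. The Python scanner below is an added example written for this page; it is not code from Cybereason's reports or from the Winnti malware. It inspects a blob that claims to be a CLFS log or container file and flags two things legitimate CLFS metadata should not contain: an embedded PE image (an MZ header whose e_lfanew points at a valid "PE\0\0" signature) and 4 KiB windows of near-random bytes, which is what an encrypted stashed payload looks like. The entropy threshold, the window size, the two constructed sample blobs and the assumption that CLFS base log files end in .blf are choices made here, not facts from the report.

```python
"""Heuristic scanner for payloads stashed in CLFS log files (added example)."""
import math
import random
import struct
from dataclasses import dataclass
from pathlib import Path
from typing import List

# Tunables chosen for this example, not taken from the Cybereason reports.
WINDOW = 4096             # bytes per entropy window
HIGH_ENTROPY = 7.2        # bits/byte; compressed or encrypted data sits near 8.0
MIN_WINDOW = 256          # ignore short tail windows, which give noisy estimates
CLFS_SUFFIXES = {".blf"}  # assumption: CLFS base log files end in .blf


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_pe_headers(data: bytes) -> List[int]:
    """Offsets of MZ headers whose e_lfanew points at a PE\\0\\0 signature.

    Following the e_lfanew chain filters out the stray 'MZ' byte pairs that
    any large blob contains by chance.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = HIGH_ENTROPY) -> List[int]:
    """Offsets of fixed-size windows whose entropy reaches the threshold."""
    return [off for off in range(0, len(data), window)
            if len(data[off:off + window]) >= MIN_WINDOW
            and shannon_entropy(data[off:off + window]) >= threshold]


@dataclass
class Finding:
    name: str
    pe_offsets: List[int]
    high_entropy_offsets: List[int]

    def suspicious(self) -> bool:
        return bool(self.pe_offsets or self.high_entropy_offsets)


def scan_clfs_blob(name: str, data: bytes) -> Finding:
    """Run both heuristics over one file's contents."""
    return Finding(name, find_pe_headers(data), high_entropy_windows(data))


def scan_directory(root: Path) -> List[Finding]:
    """Scan every *.blf under root and return only the suspicious findings."""
    results = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in CLFS_SUFFIXES:
            finding = scan_clfs_blob(str(path), path.read_bytes())
            if finding.suspicious():
                results.append(finding)
    return results


# --- Constructed samples (not real CLFS files) -------------------------------
def _fake_pe_stub() -> bytes:
    """Minimal MZ/PE header skeleton: just the signatures, not an executable."""
    stub = bytearray(0x100)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    return bytes(stub)


_rng = random.Random(20220504)  # deterministic "ciphertext" for the sample
# Benign: zero padding around a repeated ASCII record marker; low entropy, no PE.
BENIGN_SAMPLE = (b"\x00" * 512 + b"CLFS-RECORD-HEADER" + b"\x00" * 494) * 8
# Stashed: a cleartext PE stub at offset 1024 followed by 8 KiB of random noise.
STASHED_SAMPLE = (b"\x00" * 1024 + _fake_pe_stub()
                  + bytes(_rng.getrandbits(8) for _ in range(8192))
                  + b"\x00" * 1024)

if __name__ == "__main__":
    for name, blob in (("benign.blf", BENIGN_SAMPLE), ("stashed.blf", STASHED_SAMPLE)):
        f = scan_clfs_blob(name, blob)
        print(f"{name}: suspicious={f.suspicious()} pe={f.pe_offsets} "
              f"high_entropy={f.high_entropy_offsets}")
```

Legitimate CLFS logs exist on every Windows host (the registry and NTFS transaction subsystems use them), so a hit is a triage lead rather than a verdict: correlate it with the process that last wrote the file and with the loader activity the reports describe.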

This cyber-espionage operation went undetected from at least 2019. Its goal was to steal sensitive, proprietary information from companies located mainly in North America, Europe and East Asia.

The research covers both known and never-before-documented Winnti malware, including digitally signed kernel-level rootkits and complex multi-stage infection chains that had evaded detection since at least 2019. The resulting Winnti playbook offers insight into the group's intrusion behaviour, including its most frequently used tactics.

Role of Winnti in CuckooBees

The reports describe Winnti as a highly capable threat. The group combined a range of techniques with the exploitation of vulnerabilities in the victims' internet-facing software; in the intrusions Cybereason investigated, the initial foothold was gained through a vulnerable ERP platform.

Intellectual property rights are recognised and enforced by many countries because they provide an incentive for innovation: strong protections encourage creativity and reward effort and hard work.

Intellectual property theft nevertheless remains widespread, despite the agreements and legal protections meant to safeguard innovation for corporations and nation-states alike.

In a separate matter, U.S. prosecutors have indicted four Chinese nationals accused of accessing corporate networks, stealing proprietary data and operating under false online identities. Those charges are not part of the Cybereason investigation, which attributes CuckooBees to Winnti but names no individuals.

Operation CuckooBees: Expensive or Not?

The precise economic impact of intellectual property theft is hard to measure. What is clear is that one group in particular, Winnti, works on behalf of Chinese state-aligned interests to steal it.

Several other large-scale IP theft operations have also been connected to Winnti.

Cyber espionage may not look as dramatic as a malware outbreak or a public data breach, but it is just as dangerous. Because it attracts little attention and media coverage, it is less likely to catch the eye of officials and executives, who may therefore not take proper precautions. Combined with years of undetected access and theft, the cost to individual companies and to society can be enormous.