2023 Activities Summary of SectorB groups (ENG)
Activity of SectorB Group
The SectorB hacking groups aims to collect advanced information related to government activities such as politics and diplomatic activities from government agencies around the world. The groups were analyzed to have demonstrated a pattern of sharing malwares and vulnerability information for hacking activities.
Among the SectorB hacking groups, activities by a total of 36 hacking groups were identified in 2023, with the activity of SectorB22 group being the most prominent.
[Figure 1: Statistics of Activities of SectorB Groups identified in 2023]
SectorB hacking groups identified in 2023 carried out the highest number of attacks on workers and systems in government agencies, followed by manufacturing and education sectors.
[Figure 2: Statistics of Industries Targeted in 2023]
The following map illustrates the countries targeted by SectorB groups in 2023, with darker shades of red indicating higher frequencies of attacks. This shows that SectorB Group conducted the most hacking activities against the United States, followed by Taiwan and Hong Kong.
[Figure 3: Countries Targeted by SectorB Groups in 2023]
INITIAL ACCESS ROUTE of SectorB Group
Among the initial access routes used by SectorB groups, distributing spear phishing with malicious attachment was found to be the primary access route used in 2023.
Spear phishing attacks are social engineering attacks targeting specific individuals or organizations. Through malicious links, attackers induce targets to input their credentials or execute malware.
The groups disguise themselves as trusted contacts or credible individuals to induce the target to execute malicious links or attachments, making spear phishing the most commonly utilized method with its high likelihood of successful initial access.
[Figure 4: Statistics of Initial Access Routes used by SectorB Groups]
Vulnerabilities Exploited by SectorB Group
Among the top 5 vulnerabilities exploited by SectorB groups, CVE-2017-11882 (MS Office Equation Editor Vulnerability) and CVE-2023-2868 (Barracuda Networks ESG Appliance vulnerability due to inadequate authentication) were most prominently exploited in 2023.
SectorB group exploited the CVE-2017-11882 (Microsoft Office Equation Editor Vulnerability) to distribute malicious attachments through spear phishing, inducing users to execute the document and subsequently download and execute additional malware on the targeted system.
Additionally, the group gained access to the target systems and stole sensitive data by exploiting CVE-2023-2868 (Barracuda Networks ESG Appliance vulnerability due to inadequate authentication).
[Figure 5: Statistics of Top 5 Vulnerabilities Exploited by SectorB Group in 2023]
|
Vulnerability |
Classification |
Target System |
|
CVE-2017-11882 |
Memory Corruption Vulnerability | Barracuda Networks ESG Appliance |
|
CVE-2023-2868 |
Improper Input Validation Vulnerability |
Microsoft Office |
|
CVE-2018-0798 |
Memory Corruption Vulnerability | Microsoft Office |
| CVE-2018-0802 | Memory Corruption Vulnerability |
Microsoft Office |
| CVE-2021-40539 | Authentication Bypass Vulnerability |
Zoho ManageEngine ADSelfService Plus |
[Table 1: Top 5 Vulnerabilities Exploited by SectorB Group in 2023]
SectorB Attack Target Systems Statistics
Software vulnerabilities are typically categorized into server and client types. Hacking groups, strategically positioned at the heart of networks, exploit vulnerabilities within server systems to facilitate further attacks on internal networks.
Among the top 5 attack target systems by SectorB groups, the greatest number of attacks were carried out on the Microsoft Exchange Server, Microsoft’s business email service in 2023.
This is believed to be aimed at establishing a foothold to infiltrate internal organizational systems and for the purpose of exfiltrating high-value information, thus making server-type systems the primary target of the attacks.
[Figure 6: Statistics of Top 5 Attack Target Systems by SectorB Group in 2023]
Open Source and Freeware Tools Utilized by SectorB Group
Among the top 5 open source and freeware tools utilized by SectorB groups, the penetration testing tool “Cobalt Strike” was identified as the most frequently used tool in 2023.
It is analyzed that Cobalt Strike was most utilized due to its ability to efficiently control targets through various functions such as privilege escalation, information exfiltration, and command and control (C2) communication.
[Figure 7: Statistics of Top 5 Open Source and Freeware Tool used by SectorB Group in 2023]
|
Tool Name |
Function |
|
Cobalt Strike |
Penetration Testing Tool |
|
Mimikatz |
Windows Credential Information Collection Tool |
|
Impacket |
Python classes for network protocols |
| Fscan |
Network Scanning Tools |
| NbtScan |
NetBIOS Nameserver Scan Tool |
[Table 2: Top 5 Open Source and Freeware Tool used by SectorB Group in 2023]
The full report detailing each event together with IoCs (Indicators of Compromise) and recommendations is available to existing NSHC ThreatRecon customers. For more information, please contact service@nshc.net.