TaskMasters

Description

(Positive Technologies}) The main objective of the group is to steal confidential information. The attackers attempt to burrow into corporate information systems for extended periods and obtain access to key servers, executive workstations, and business-critical systems.

At one of the attacked companies, the earliest traces of the group’s presence on infrastructure dated to 2010. Since the group had obtained full control of some servers and workstations by that time, the initial breach must have occurred much earlier.

Most of the attacked companies relate to manufacturing and industry. In total we are aware of compromise of over 30 companies and organizations in various sectors, including:

• Manufacturing and industry • Energy • Government • Science and technology • Systems integration • Software development • Geology • Transport and logistics • Real estate • Construction

The group attacked companies in a number of countries. A significant number of their targets were located in Russia and the CIS.

Names

Name	Name-Giver
TaskMasters	Positive Technologies

Country

• China

Motivation

• Information theft and espionage

First Seen

2010

Observed Sectors

• Construction
• Energy
• Government
• IT
• Manufacturing
• Shipping and Logistics
• Technology
• Transportation
• Systems integration and Real estate

Observed Countries

• Russia
• CIS

Tools

• 404-Input-shell web shell
• ASPXSpy
• AtNow
• DbxDump Utility
• gsecdump
• HTran
• jsp File browser
• Mimikatz
• nbtscan
• PortScan
• ProcDump
• PsExec
• PsList
• pwdump
• reGeorg
• RemShell
• RemShell Downloader

Operations

• 2021-05: Chinese APTs attack Russia https://blog.group-ib.com/task

Information

• https://www.ptsecurity.com/ww-en/analytics/operation-taskmasters-2019/

Other Information

Uuid

d07c892e-b93a-4850-a6d1-ef90f8c6ff1c

Last Card Change

2021-08-10