
TrapX Discovers 'Zombie Zero' Advanced Persistent Malware

Made in China; State Sponsored Attack Targeting Shipping and Logistics Industry Worldwide

SAN MATEO, CA -- (Marketwired) -- 07/10/14 -- TrapX, provider of the fastest growing sensor-based HoneyGrid™ in the world, announced the discovery of a highly sophisticated, polymorphic advanced persistent malware dubbed "Zombie Zero" targeting the shipping and logistics industry across the globe. Weaponized malware was delivered into shipping and logistics enterprise environments from a Chinese manufacturer responsible for selling proprietary hardware for terminal scanners used to inventory items being shipped or transported in and out of many countries. The malware was delivered through the Windows Embedded XP operating system installed on the hardware at the manufacturer's location in China and could also be downloaded from the Chinese manufacturer's support website. A variant of this malware was also sold and delivered with the same hardware product to a large manufacturing company as well as to seven other identified customers of this hardware product worldwide.

Description of Zombie Zero Behavior and Attack

  • Once the scanner was attached to the wireless network and put into production, it immediately began an automated attack of the corporate environment using the Server Message Block (SMB) protocol.
  • The shipping and logistics target installed security certificates on its scanner devices for network authentication, but because the devices were already infected with the advanced persistent malware from the manufacturer, the certificates were completely compromised.
  • The scanned data (origin, destination, contents, value, to, from, etc.) was copied and sent out over an established, comprehensive command and control (CnC) connection to a Chinese botnet that was terminated at the Lanxiang Vocational School located in the "China Unicom Shandong province network". The Lanxiang Vocational School has been linked to online attacks on Google and implicated in the Operation AURORA attack. The Chinese scanner manufacturer is located blocks away from the Lanxiang Vocational School.
  • A second payload was then downloaded from the botnet that established a more sophisticated CnC channel to the company's finance servers, giving the cybercriminal access to corporate financial data, customer data, and detailed shipping and manifest information.
  • The exfiltration of all financial data as well as CRM data was achieved, providing the attacker complete situational awareness and visibility into the shipping and logistics target's worldwide operations.
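The two observable behaviours in the list above, a freshly provisioned scanner fanning out SMB connections across the internal network and a device on the scanner segment calling out to an external address, are both visible in ordinary flow logs. The following is an added example written for this page, not TrapX code and not derived from the "full anatomy" referenced below; it parses constructed flow records (timestamp, source, destination, destination port, bytes) and raises an alert when a single source reaches an unusual number of distinct internal SMB targets inside a short window, or when a host on the scanner VLAN opens a connection outside the internal address space. The segment ranges, thresholds and window are assumptions chosen for illustration.

```python
"""
Flow-log detection for the Zombie Zero behaviours described above:
  1. SMB (TCP/445) fan-out from one source to many internal hosts in a short
     window (automated lateral movement from a newly attached scanner), and
  2. a host on the scanner segment connecting to a non-internal address
     (command-and-control / exfiltration).
All flow records here are constructed for the example; SCANNER_SEGMENT,
INTERNAL, FANOUT_THRESHOLD and FANOUT_WINDOW are assumed values.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SCANNER_SEGMENT = ip_network("10.50.0.0/24")   # assumed VLAN for handheld scanners
INTERNAL = [ip_network("10.0.0.0/8")]           # assumed internal address space
SMB_PORT = 445
FANOUT_THRESHOLD = 20                  # distinct internal SMB targets ...
FANOUT_WINDOW = timedelta(minutes=5)   # ... reached within this window


def is_internal(ip):
    """True if the address falls inside one of the INTERNAL networks."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_flows(text):
    """Parse 'timestamp,src,dst,dport,bytes' lines into flow dicts (constructed format)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def detect_smb_fanout(flows):
    """Return {src: max distinct internal SMB targets seen in any FANOUT_WINDOW}
    for every source that reaches FANOUT_THRESHOLD or more."""
    by_src = defaultdict(list)
    for f in flows:
        if f["dport"] == SMB_PORT and is_internal(f["dst"]):
            by_src[f["src"]].append((f["ts"], f["dst"]))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)   # dst -> occurrences inside the sliding window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            # slide the left edge forward until the window fits FANOUT_WINDOW
            while ts - events[left][0] > FANOUT_WINDOW:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            distinct = len(in_window)
            if distinct >= FANOUT_THRESHOLD:
                alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


def detect_segment_egress(flows):
    """Return (src, dst, dport) for scanner-segment hosts talking to non-internal addresses."""
    return [(f["src"], f["dst"], f["dport"]) for f in flows
            if ip_address(f["src"]) in SCANNER_SEGMENT and not is_internal(f["dst"])]


def build_sample_flows():
    """Constructed flow log: 10.50.0.17 sweeps 25 internal hosts over SMB in about
    two minutes and then calls out to 203.0.113.9 (documentation range);
    10.50.0.18 is a healthy scanner that only talks to its inventory server."""
    t0 = datetime(2014, 7, 1, 8, 0, 0)
    lines = []
    for i in range(1, 26):
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts},10.50.0.17,10.10.1.{i},445,512")
    lines.append(f"{(t0 + timedelta(minutes=3)).isoformat()},10.50.0.17,203.0.113.9,443,48211")
    for i in range(5):
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()},10.50.0.18,10.10.1.5,8443,300")
    return "\n".join(lines)


if __name__ == "__main__":
    flows = parse_flows(build_sample_flows())
    for src, n in detect_smb_fanout(flows).items():
        print(f"ALERT smb-fanout: {src} reached {n} internal hosts on 445 within {FANOUT_WINDOW}")
    for src, dst, dport in detect_segment_egress(flows):
        print(f"ALERT segment-egress: scanner {src} -> {dst}:{dport}")
```

The fan-out check is deliberately per-source rather than per-destination so that a device that has just joined the network stands out on its first sweep; the egress check needs no signature at all, because a handheld scanner has no business reaching anything outside the internal ranges regardless of where the command-and-control endpoint happens to be.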

"The problem with legacy security technologies is that they are not able to adapt to defend against emerging threats in real-time," said David Monahan, Research Director at Enterprise Management Associates. "Today's threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses. The next generation of security solutions must be just as adaptable to counter these modern threats."

"Security futurists have long favored honeypots as a way to actively defend the network. The challenge with honeypots is that they've largely required manual deployment. They've been difficult to scale across the network, particularly in rapid response to current attacks," said Yaniv Alfi, cofounder and CEO. "TrapX has taken the honeypot idea to the next level. We provide a virtualized honeygrid platform that not only emulates hundreds of services across the network -- our software also senses hostile scans and spins up targeted honeypots where they're needed most in order to identify cybercriminal, insider, or nation-state activity."

TrapX, formerly known as CyberSense, conducts powerful real-time analytics and threat intelligence to support Adaptive Defense of the network while providing full incident lifecycle management -- detection, remediation and prosecution. The TrapX 360 platform is designed to detect and interdict lateral movement within networks and keep attackers from establishing footholds in the network nerve center.

To view the full anatomy of the attack, please access it here.

For more on TrapX, visit their website at

Visit our blog:
Follow us on Twitter: @trapxsecurity
Follow us on LinkedIn:
Like us on Facebook:

About TrapX
TrapX has invented a purpose-built, virtual appliance-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. The TrapX360 Platform provides real-time, adaptive threat protection by leveraging our patented HoneyGrid™ malware trap and DPI technology. TrapX360 traps zero-day malware in its virtualized sensor network or HoneyGrid™ and next-generation malware traps before the malware can inflict significant damage to customers' data centers or cloud deployments. Combined with fully automated advanced forensic capability and a threat intelligence fusion center, TrapX provides the most comprehensive context sensitive alerting and reporting in the market.

Media Contact:
Angel Rodriguez
Trainer Communications
[email protected]


Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.