Japan ministry become the recent victim of a cyber attack through a malware that suspected to have compromised and sent overseas more than 3,000 confidential documents from the ministry, including many on global trade negotiations.
After investigation, experts found that Hackers use "HTran" the Advanced Persistant Threat (APT) exploit kit for attack. Computers at country's Ministry of Agriculture, Forestry and Fishery suspected to be infected from this.
HTran is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by "lion", a well-known Chinese hacker and member of "HUC", the Honker Union of China.
A lot of the documents were about the negotiations over the US-led Trans-Pacific Partnership multilateral trade pact. According to a report from SecureWorks, Dell’s security division, in 2011 that the malware is believed to have been developed by a Chinese hacker group back in 2003.
HTran is used by many APT hackers to disguise the location of their command and control (C2) servers. The National Information Security Center of the Cabinet Secretariat discovered about one year ago that suspicious transmissions involving HTran had occurred at the ministry.
But no individuals or groups have been identified as the culprits in this new cyber attack as the police continue to investigate. The police will ask the ministry to explain how it discovered cyber-attacks and confirm whether a leak actually took place, the police sources said.