Asia’s hackers are finding a home on the dark web
While the vast majority of Asia-focused cybersecurity research examines government-backed threats, a new report shows that the region’s dark web is becoming a fertile training ground for independent hackers to learn more skills and trade new exploits.
Research released Wednesday by New York-based IntSights details a number of Asian countries’ use of websites that require access through special software such as the Tor browser. Hackers in China, Japan, North Korea, Indonesia and Vietnam have adopted the dark web — which is usually associated with U.S. and Russian activity — to create their own criminal communities, the report says.
“As the dark web grows, companies and government organizations need to understand that it’s no longer enough to monitor cybercrime activities typically associated with Russian, North Korean or other English-speaking cyber groups,” said Itay Kozuch, Director of Threat Research for IntSights.
In a presentation shown to CyberScoop at the Black Hat security conference in Las Vegas, Kozuch pointed to numerous forums where hackers share tips, tricks and techniques on various hacking methods and tools. Users could find different ways to use tools such as Metasploit or download the full source code for WannaCry. Another forum was offering 500 Gbps DDoS attacks for 5,000 yuan, which converts to $733.
“Think about how cheap that is,” Kozuch said. “That’s two hours’ worth of security consulting.”
The wrinkles in the way that Asian governments deal with censorship and internet access inhibit researchers from discovering what the Asian hackers are up to, the report says.
“Language barriers, cultural differences and government-imposed access restrictions make it incredibly difficult for threat hunters to access and blend in with these Asian underground communities to effectively perform threat reconnaissance,” the report reads.
With researchers unable to track these actors, these communities present a threat that could eclipse any nation-state group.
“This could go beyond APT1 or APT28,” Kozuch said. Those advanced persistent threats are typically associated with China and Russia, respectively.
In the case of one major hacking power — China — any dark web conversations are secondary to what’s happening on the clear and open web, the report says.
“While in other countries cyber criminals would usually turn to the deep and dark web in order to offer their services or products, the Chinese are more active on the clear net because the government limits access to the dark web,” the report reads. “In addition, cybercriminals can reach a greater pool of buyers on the clear Chinese Internet and achieve higher profits. Obviously, this makes it more risky for the seller, so Chinese cyber criminals use special ‘jargon’ or ‘code names’ to avoid government censors and crackdowns.”
You can read the full report on IntSights’ website.