Check Point Research (CPR) unveils a targeted campaign against at least two research institutes in Russia, which are part of the Rostec corporation, a state-owned defense conglomerate. This campaign is a continuation of what is believed to be a long-running espionage operation against Russian-related entities that has persisted since at least July 2021. The operation may still be ongoing, as the most recent activity was observed in April 2022. This activity was attributed to a Chinese threat actor, with possible connections to Stone Panda (aka APT10), a sophisticated and experienced nation-state-backed actor, and Mustang Panda, another proficient China-based cyber espionage group. The campaign has been dubbed Twisted Panda to reflect the sophistication of the tools observed and the attribution to China. The attackers use new tools that have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations.

In the past two months, CPR observed multiple APT groups attempting to leverage the Russia and Ukraine conflict and the sanctions against Russian companies as bait for espionage operations. It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that exploit the sanctions imposed on Russia by western countries. These sanctions have put enormous pressure on the Russian economy, and specifically on organizations in multiple Russian industries. The investigation showed that this campaign is part of a larger Chinese espionage operation that has been ongoing against Russian-related entities for several months. Researchers estimate with high confidence that the campaign was carried out by an experienced and sophisticated Chinese nation-state APT. This report will reveal the tactics and techniques used by the threat actors and provide a technical analysis of the observed malicious stages and payloads, including previously unknown loaders and backdoors with multiple advanced evasion and anti-analysis techniques.

Spear-phishing campaign

By definition, spear phishing is a highly targeted phishing attack.

BOSTON (AP) - State-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises, Microsoft said Wednesday. The targets include sites in Guam, where the U.S. has a major military presence, the company said. Hostile activity in cyberspace - from espionage to the advanced positioning of malware for potential future attacks - has become a hallmark of modern geopolitical rivalry.

Microsoft said in a blog post that the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021. It said organizations affected by the hacking - which seeks persistent access - are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors. Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity.”

Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained initial access through internet-facing Fortiguard devices, which are engineered to use machine learning to detect malware. The maker of Fortiguard devices, Fortinet, did not immediately respond to an email seeking further details.

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” said CISA Director Jen Easterly, urging mitigation of affected networks to prevent possible disruption. Bryan Vorndran, the FBI cyber division assistant director, called the intrusions “unacceptable tactics” in the same statement.

Tensions between Washington and Beijing - which the U.S. national security establishment considers its main military, economic and strategic rival - have been on the rise in recent months. Those tensions spiked last year after then-House Speaker Nancy Pelosi’s visit to democratically governed Taiwan, leading China, which claims the island as its territory, to launch military exercises around Taiwan. U.S.-China relations became further strained earlier this year after the U.S. shot down a Chinese spy balloon that had crossed the United States.