icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Summary:
Earlier this year, a large U.S. organization with operations in China experienced a targeted cyberattack attributed to China-based threat actors, likely for intelligence gathering. The attackers maintained a presence in the network from April to August 2024, using lateral movement to compromise multiple systems, including Exchange Servers, for email harvesting. Exfiltration tools were also deployed, indicating the theft of sensitive data. The attackers leveraged various tools and techniques, such as DLL sideloading with legitimate applications to execute malicious payloads. They also used open-source tools like Impacket, FileZilla, and PSCP, along with "living-off-the-land" methods such as WMI, PowerShell, and PsExec, to execute commands, move laterally, and exfiltrate data. Malicious activity included credential dumping, querying Active Directory via Kerberoasting, and targeting Exchange Servers for email data.


Security Officer Comments:
Suspicious activities were observed on multiple machines. These included executing PowerShell scripts for reconnaissance and downloading malicious files, using renamed legitimate applications for DLL sideloading, and exfiltrating data via tools like WinRAR and PSCP. Commands targeting Windows Event Logs, Active Directory, and system configurations were also employed. Connections to known China-based groups like Daggerfly and Crimson Palace were suggested by the use of previously identified tools and techniques.


Suggested Corrections:

IOCs:
https://www.security.com/threat-intelligence/china-southeast-asia-espionage


Organizations can make APT groups’ lives more difficult. Here’s how:

  • Defense-in-depth strategy: A comprehensive defense-in-depth strategy is crucial to combat APTs. This includes implementing multiple layers of security controls, such as strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, access controls, and continuous monitoring for anomalies.
  • Threat intelligence and sharing: Ideally, organizations should actively participate in threat intelligence sharing communities and collaborate with industry peers, government agencies, and security vendors. Sharing information about APTs and their techniques can help detect and mitigate attacks more effectively.
  • Employee education and awareness: Regular security awareness programs, phishing simulations, and training sessions can educate employees about the latest threats, social engineering techniques, and safe computing practices.
  • Incident response and recovery: Despite preventive measures, organizations should have a well-defined incident response plan. This includes incident detection, containment, eradication, and recovery procedures to minimize the impact of APT attacks and restore normal operations.

Link(s):
https://www.security.com/threat-intelligence/china-southeast-asia-espionage

https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html

Contact Us for Threat Assistance
Back to Current Threats