
Chinese APT targets Outlook

July 13, 2023 – Published on The Cyberwire

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory regarding a Chinese cyberespionage campaign that’s targeting government officials. The advisory urges organizations, especially those operating critical infrastructure, to step up their monitoring and logging of activity surrounding Microsoft Exchange Online environments. Microsoft described the campaign in a blog post earlier this week, noting that the threat actor compromised email accounts at approximately 25 organizations “by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key.”

Mark Lance, VP of DFIR at GuidePoint Security, urges organizations to develop an understanding of APTs.

These nation-state threat actors are sophisticated and have significant resources at their disposal. “Over the past couple years, the prevalence of more widely encountered threats such as ransomware, which impacts a wide variety of customers across all industry verticals, shapes, and sizes, has definitely outweighed focus on Advanced Persistent Threats (APT),” Lance wrote.

“Per its acronym, Advanced Persistent Threats, or APT, are typically much more sophisticated and targeted in nature, with a motivation of gathering information, as opposed to the more common cybercriminal or opportunistic threats, which are monetarily motivated. These APT groups are typically state-sponsored, and have a tendency to target industries, organizations, and individuals, with the attempt to gather sensitive information. This could include anything from trying to access emails for government officials to collect classified information about any relevant topic, to theft of Intellectual Property from a manufacturer, because it costs them less to steal the results of others’ Research & Development efforts versus performing their own. Again, these types of targeted intrusions have been a perpetual risk for decades, but don’t garner the same level of attention publicly, since they’re a risk to, or impact, a much smaller list of companies. That said, they’ve always been around; customers should understand their risk profiles, what types of threats (such as APT) are higher risks for their organizations, and have to address them accordingly, because they haven’t and won’t be going anywhere.”
