Intelligent CIO APAC Issue 16 - Page 54

clusters of attack activity were identified that have evaded detection since at least 2017 and are assessed to be the work of several prominent Advanced Persistent Threat (APT) groups aligned with the interests of the Chinese government. Cybereason observed a significant overlap in tactics, techniques and procedures (TTPs) across the three operations and assessed that the attackers were likely tasked with parallel objectives under the direction of a centralized co-ordinating body aligned with Chinese state interests.
Lior Div, Cybereason CEO and Co-founder, said: “The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organizations that depend on secure communications for conducting business. These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability.
“This is why Cybereason maintains a global team of seasoned threat intelligence investigators whose focus is to expose the tactics, techniques and procedures of advanced adversaries so we can better protect organizations from these kinds of complex attacks now and into the future.”
Key findings include:
• Adaptive, persistent and evasive: The highly adaptive attackers worked diligently to obscure their activity and maintain persistence on the infected systems, dynamically responding to mitigation attempts after having evaded security efforts since at least 2017, an indication that the targets are of great value to the attackers.
• Compromise of third parties to reach specific targets: Similar to the recent SolarWinds and Kaseya attacks, the threat actors first compromised third-party service providers – but in this case, instead of using them to deliver malware through a supply chain attack, the intent was to leverage them to conduct surveillance of their customers’ confidential communications.