NSA: Spy Groups Use These Techniques in Global Attacks

Spy groups operating out of China use a variety of techniques, tactics, and procedures to break into government agencies, businesses, and educational institutions, according to the US intelligence agency NSA, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security, in a document released today (pdf).

Four Chinese nationals allegedly belonging to one of these groups, designated APT40, were also charged today. This group is suspected of a years-long espionage campaign against government agencies, companies, and educational institutions, during which all kinds of trade secrets and confidential company information were stolen.

The US authorities have now provided an overview of the techniques and tactics that APT40 employed and that Chinese spy groups reportedly use in general. The attacks exploit vulnerabilities in popular applications such as Pulse Secure VPN, Apache, F5 BIG-IP and Microsoft products.

These vulnerabilities are sometimes attacked within days of being disclosed, the NSA said. In addition, the attackers also use spear phishing, drive-by downloads via compromised websites and typosquatting. The use of compromised login credentials is also a widely used technique. Once a system has been accessed, the attackers attempt to compromise the rest of the network and install all kinds of malware.

In the document, the NSA, FBI and CISA also provide advice and mitigation measures to counter such attacks, including installing security updates in a timely manner, using multi-factor authentication, and disabling the Remote Desktop Protocol (RDP) when it is not in use, which also applies to PowerShell. Loading remote DLL files is also discouraged, and extensive advice is given on monitoring systems and network traffic.
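As an added illustration of how an administrator could check whether three of the host-level measures mentioned above are actually in place on a Windows machine, the following read-only audit script is included here. It is not part of the advisory or of the original article; it queries the documented Windows registry locations for RDP, PowerShell script block logging and remote DLL loading, and the pass/fail thresholds it applies are this script's own assumptions.

```powershell
# Added example, not from the advisory: audit three host settings related to the
# mitigation list (RDP disabled, PowerShell activity logged, remote DLL loads blocked).
# Runs read-only; needs rights to read HKLM.

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        return $null   # key or value absent: treat as "not configured"
    }
}

$findings = @()

# 1. RDP: fDenyTSConnections = 1 means the host refuses Remote Desktop connections.
$rdpDeny = Get-RegistryValueOrNull 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$findings += [pscustomobject]@{
    Control = 'RDP disabled when not in use'
    Value   = $rdpDeny
    Pass    = ($rdpDeny -eq 1)
}

# 2. PowerShell: script block logging records what actually ran, which is the
#    monitoring side of "restrict PowerShell when not in use".
$sbl = Get-RegistryValueOrNull 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging'
$findings += [pscustomobject]@{
    Control = 'PowerShell script block logging enabled'
    Value   = $sbl
    Pass    = ($sbl -eq 1)
}

# 2b. The current session's language mode: ConstrainedLanguage limits what an
#     interactive PowerShell can do on this host (assumed threshold, not from the advisory).
$langMode = $ExecutionContext.SessionState.LanguageMode
$findings += [pscustomobject]@{
    Control = 'PowerShell Constrained Language Mode'
    Value   = $langMode
    Pass    = ($langMode -eq 'ConstrainedLanguage')
}

# 3. Remote DLL loading: CWDIllegalInDllSearch = 2 blocks DLL loads from remote
#    (UNC/WebDAV) locations; 0xFFFFFFFF (read back as -1) also blocks the current
#    working directory. Accepting either value is this script's assumption.
$dll = Get-RegistryValueOrNull 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' 'CWDIllegalInDllSearch'
$findings += [pscustomobject]@{
    Control = 'Remote DLL loading blocked'
    Value   = $dll
    Pass    = ($dll -eq 2 -or $dll -eq -1 -or $dll -eq 0xFFFFFFFF)
}

$findings | Format-Table -AutoSize

# Non-zero exit code when any control fails, so the script can feed a fleet-wide check.
if ($findings | Where-Object { -not $_.Pass }) { exit 1 } else { exit 0 }
```

Run it in an elevated PowerShell on the host being reviewed; each row shows the raw registry value alongside a pass/fail verdict, and the exit code lets a configuration-management job flag machines that still expose RDP, run PowerShell unlogged, or allow DLLs to be loaded from remote shares.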

The three US government agencies are calling on organizations to implement the document's recommendations to reduce the likelihood of "malicious Chinese cyber activities" and strengthen defenses of vital networks.
