| Category | Details |
|---|---|
| Threat Actors | China-based threat actor; possible links to Daggerfly and to the activity cluster Sophos tracks as Crimson Palace |
| Campaign Overview | Espionage intrusion into a large U.S. organization with a presence in China, active from April to August 2024 |
| Target (Victim) | A single large U.S. organization; within it, Exchange servers and computers across the internal network |
| Methodology | Lateral movement across the network, harvesting of email from Exchange servers, staging and exfiltration of data |
| Products Targeted | Microsoft Exchange servers, internal organizational computers |
| Malware Reference | Custom malware loaded through legitimate applications (consistent with DLL sideloading), plus exfiltration tooling |
| Tools Used | Legitimate executables made by Google and Apple, abused as loaders for the attackers' code, and legitimate business applications |
| Vulnerabilities Exploited | No specific CVE is cited in the summary; the activity relied on abuse of legitimate, signed tools (living off the land) and on internal network weaknesses rather than a named software flaw |
| TTPs | Persistent access maintained over several months, email intelligence gathering, lateral movement, data exfiltration |
| Attribution | Likely China-based; overlaps noted with Daggerfly (a Chinese government-backed group) and with Crimson Palace (a cluster of Chinese state-aligned activity named by Sophos) |
| Recommendations | Monitor for lateral movement (for example, one account authenticating over the network to many hosts in a short window); alert when a signed application loads an unsigned DLL from its own directory (DLL sideloading); audit Exchange mailbox access and outbound data transfers |
| Source | The Record (reporting on Symantec research) |
Read full article: https://therecord.media/us-org-with-presence-in-china-hacked-symantec
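The two detections the recommendations row calls for, written out as runnable logic. This is an added example, not code from The Record article or from Symantec's research. It assumes Sysmon Event ID 7 (ImageLoaded) and Windows Security Event ID 4624 (Logon) field names; every record, path, account name and the `PROCESS_SIGNERS` application inventory below are constructed for the example.

```python
"""Added detection example for two behaviours named in the summary above:
(1) custom code loaded through a legitimate, signed application (DLL sideloading)
(2) lateral movement: one account logging on over the network to many hosts
    in a short window.
All records are constructed; field names follow Sysmon Event ID 7 (ImageLoaded)
and Windows Security Event ID 4624 (Logon)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Loads from the Windows system directories are left to other rules.
WINDOWS_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed Sysmon Event ID 7 records. In Sysmon, Signed/SignatureStatus
# describe the loaded DLL, not the loading process.
IMAGE_LOADS = [
    {"Image": r"C:\Program Files\VendorApp\vendor.exe",
     "ImageLoaded": r"C:\Program Files\VendorApp\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\VendorApp\vendor.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\Downloads\tool.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\util.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

# Constructed (hypothetical) application inventory: executables known to carry
# a valid vendor signature. A real deployment would take this from EDR data.
PROCESS_SIGNERS = {r"C:\Program Files\VendorApp\vendor.exe": "Vendor Corp"}

# Constructed Security 4624 records as logged on the *target* computer.
LOGONS = [
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T01:12:00",
     "TargetUserName": "svc_backup", "Computer": "WS01", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T01:14:30",
     "TargetUserName": "svc_backup", "Computer": "WS02", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T01:17:05",
     "TargetUserName": "svc_backup", "Computer": "FS01", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T01:19:40",
     "TargetUserName": "svc_backup", "Computer": "EX01", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T08:00:00",
     "TargetUserName": "svc_backup", "Computer": "WS01", "IpAddress": "10.0.1.10"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T09:00:00",
     "TargetUserName": "alice", "Computer": "WS01", "IpAddress": "10.0.2.41"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T09:05:00",
     "TargetUserName": "alice", "Computer": "FS01", "IpAddress": "10.0.2.41"},
    {"EventID": 4624, "LogonType": 3, "TimeCreated": "2024-05-02T09:30:00",
     "TargetUserName": "alice", "Computer": "WS01", "IpAddress": "10.0.2.41"},
    {"EventID": 4624, "LogonType": 2, "TimeCreated": "2024-05-02T09:40:00",
     "TargetUserName": "alice", "Computer": "WS03", "IpAddress": "-"},
]


def _norm(path):
    """Canonical, case-insensitive form of a Windows path."""
    return ntpath.normpath(path).lower()


def sideload_candidates(image_loads, process_signers):
    """Return (process, dll, signer) triples where a vendor-signed process
    loaded an UNSIGNED DLL from its own directory, outside the Windows dirs.
    That pattern is how a legitimate application ends up running attacker code."""
    signers = {_norm(p): s for p, s in process_signers.items()}
    hits = []
    for ev in image_loads:
        if ev.get("Signed", "false").lower() == "true":
            continue  # signed DLL: not the sideload pattern
        proc, dll = _norm(ev["Image"]), _norm(ev["ImageLoaded"])
        proc_dir = ntpath.dirname(proc)
        if proc_dir != ntpath.dirname(dll) or proc_dir.startswith(WINDOWS_DIRS):
            continue
        signer = signers.get(proc)
        if signer:  # only flag when the loading process is a known signed app
            hits.append((ev["Image"], ev["ImageLoaded"], signer))
    return hits


def lateral_movement_accounts(logons, min_hosts=3, window=timedelta(minutes=15)):
    """Return {account: sorted hosts} for accounts with network logons (type 3)
    to at least min_hosts distinct computers inside any sliding time window."""
    by_user = defaultdict(list)
    for ev in logons:
        if ev["EventID"] != 4624 or ev["LogonType"] != 3:
            continue
        t = datetime.strptime(ev["TimeCreated"], "%Y-%m-%dT%H:%M:%S")
        by_user[ev["TargetUserName"].lower()].append((t, ev["Computer"].lower()))
    flagged = {}
    for user, evs in by_user.items():
        evs.sort()
        best, start = set(), 0
        for end, (t_end, _) in enumerate(evs):
            while t_end - evs[start][0] > window:
                start += 1  # slide the window forward
            hosts = {h for _, h in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            flagged[user] = sorted(best)
    return flagged


if __name__ == "__main__":
    for proc, dll, signer in sideload_candidates(IMAGE_LOADS, PROCESS_SIGNERS):
        print(f"possible sideload: {signer}-signed {proc} loaded unsigned {dll}")
    for user, hosts in lateral_movement_accounts(LOGONS).items():
        print(f"possible lateral movement: {user} -> {', '.join(hosts)}")
```

The sideload rule deliberately requires the loading process to be a known signed application; an unsigned downloader loading its own unsigned DLL is a different (and noisier) case. The lateral-movement rule keeps the largest host set seen in any window rather than stopping at the first hit, so the alert lists every host the account reached, which is what an incident responder needs first.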
Disclaimer: The above summary has been generated by an AI language model