US org with ‘significant presence in China’ targeted by hackers, Symantec says

| Category | Details |
| --- | --- |
| Threat Actors | China-based threat actor, possibly linked to Daggerfly, Crimson Palace |
| Campaign Overview | Espionage attack targeting a large U.S. organization, lasting from April to August 2024 |
| Target Regions (Victims) | U.S. organization, Exchange servers, internal network computers |
| Methodology | Lateral movement across network, email harvesting, data exfiltration |
| Product Targeted | Exchange Servers, internal organizational computers |
| Malware Reference | Exfiltration tools, custom malware loaded via legitimate applications |
| Tools Used | Tools made by Google, Apple, legitimate business apps |
| Vulnerabilities Exploited | Exchange servers, internal network weaknesses, legitimate tool abuse |
| TTPs | Persistent access, email intelligence gathering, exfiltration, lateral movement |
| Attribution | Likely China-based attackers, Daggerfly (Chinese government-backed group), Crimson Palace |
| Recommendations | Strengthen network monitoring, implement strict application verification, detect lateral movement |
| Source | The Record |

Read full article: https://therecord.media/us-org-with-presence-in-china-hacked-symantec

Disclaimer: The above summary has been generated by an AI language model

Source: The Record

Published on: December 5, 2024
