
Cyber Warfare, CISA: China-linked hackers target US agencies

CISA: Chinese state-sponsored hackers are targeting US agencies using publicly available information sources and common, well-known TTPs

Chinese state-sponsored hackers are targeting US agencies, the Cybersecurity and Infrastructure Security Agency (CISA) has warned. The actors are affiliated with the Chinese Ministry of State Security (MSS) and rely on publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) in their attacks. The cyber threat actors use external proxy tools or hop points to enable their cyber operations while remaining anonymous. These may be commercially available infrastructure as a service (IaaS) or software as a service (SaaS) in the form of a web browser promising anonymity on the internet. For example, “The Onion Router” (Tor) is often used by cyber threat actors for anonymity and C2. Actors carefully choose proxy tools depending on their intended use. These techniques are relatively low in complexity and enabled by commercially available tools, yet they are highly effective and often reliant upon existing vulnerabilities and readily available exploits.

It’s the second warning from the cyber security community in a few days, ahead of the next presidential elections

This is the second warning issued by the cyber security community about cyber warfare and cyber espionage attacks against US bodies. The other one was published by Microsoft and was linked to the next elections. In recent weeks, the company detected cyber attacks targeting people and organizations involved in the upcoming presidential vote, including unsuccessful attacks on people associated with both the Trump and Biden campaigns. The activity makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported. Moreover, other institutions and enterprises worldwide have been hit by similar adversary activity. The worst threats come from well-known state-sponsored actors: Strontium, operating from Russia, Zirconium from China, and Phosphorus from Iran.

 
