⇄ Σ = Mᄃ² ⇆  

Chinese APT Mimics Cloud Backup

A malicious SSL certificate was found to be used by six facing IP addresses, each of which had several host domains linked with six domains.

Since these domains provide a sense of legitimacy to their names, they draw an unusual amount of traffic during high levels of activities like data exfiltration from the victim network.

24 Cambodian government organizations were found to be regularly communicating with this infrastructure

1
⇄ Σ = Mᄃ² ⇆
Follow

A complete report about the threat actors’ activities has been published, providing detailed information about the compromise, Cambodian government entities, and other information.

Unit 42 has identified malicious Chinese APT infrastructure masquerading as cloud backup services. Monitoring telemetry associated with two prominent Chinese APT groups,

unit42.paloaltonetworks.com/ch

· 1· 0· 2
Hakomo 🇮🇱 🇺🇦 🇹🇼  

@ecksmc

The observed activity aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region. We encourage all organizations to leverage our findings to inform the deployment of protective measures to defend against this activity.

Australian Secret Intelligence Service

en.wikipedia.org/wiki/Australi

Probably a good idea for the Aussies to know.

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…