With the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other U.S. and international partners, we published a joint advisory that outlines the activity and tradecraft of a state-sponsored cyber group associated with the PRC Ministry of State Security. It is based on a current, shared understanding of the advanced persistent threat group APT 40 and on recent ASD’s ACSC incident response investigations. https://go.dhs.gov/3mu
APT 40 demonstrates agility in quickly using public exploit proofs of concept (POCs) to target networks of interest, conducts regular reconnaissance against networks of interest, and rapidly exploits new public vulnerabilities in widely used software.
To help cybersecurity practitioners identify, prevent and remediate APT 40 intrusions against their own networks, the advisory provides a couple of significant case studies of this adversary’s malicious activity against victim networks.
Recommended mitigations to reduce the risk of being compromised by similar activity include maintaining comprehensive and historical logging information, prioritizing patching for all internet-exposed devices and services, and segmenting networks to limit or block lateral movement. https://go.dhs.gov/3mu
A timely reminder! Scammers never take a break. Implementing these four simple steps can significantly boost your digital workplace safety. Encourage your team to stay vigilant and secure.