TTP Tuesday: APT29 - US Think Tanks and Non-Governmental Organizations
feed.prelude.org
Theme Overview

Last week Octavia disarmed the SeaDuke malware so it could be included in the chain that emulated the 2016 DNC hack. This week has an increased scope, but we would be remiss if we didn't draw some ideas from the notorious SolarWinds attack. Two things made the SolarWinds attack special. The first was the sheer scope of the campaign, which would have gone on much longer had FireEye itself not been among the targets and discovered the intrusion. The second was that the attack used a supply chain as its initial access vector. An attack that targets a supply chain is extremely efficient, since the attacker's return on investment is multiplied by the number of consumers of the compromised product. Emulating this type of attack is difficult: it usually requires access to the build or manufacturing pipeline, whether that is software (as in the SolarWinds attack) or hardware.