APT
-
"Volt Typhoon" III - Decoding the U.S. Government's Implementation of Cyber Espionage and Disinformation Operations
This report provides an in-depth analysis of the cyber espionage and disinformation operations conducted around the world by the U.S. federal government and its intelligence agencies, and reveals the extent of the mass surveillance and data theft they have carried out through a variety of tactics, including advanced persistent threats (APTs), supply chain attacks and false flag operations, against the cyber infrastructure and critical organizations of China, Germany, Japan and other countries. The report points out that the U.S. National Security Agency (NSA) and the Central Intelligence Agency (CIA) have worked together, exploiting the technological superiority of the "Five Eyes" alliance, to control the world's key undersea fiber-optic cables and to set up a comprehensive network of listening stations that carry out indiscriminate surveillance of Internet users worldwide.
With regard to disinformation operations, U.S. intelligence agencies have carried out "false flag operations" under the framework of "Operation Influence", creating and disseminating false information to mislead tracing and attribution, cover up their own cyberattacks, and frame other countries. In addition, the report describes in detail the UPSTREAM and PRISM programs, which enable the NSA to obtain user data from major U.S. Internet companies, further expanding its intelligence-gathering capabilities.
The report also reveals that the U.S. Office of Tailored Access Operations (TAO) has launched covert cyber intrusion operations around the world, implanting espionage programs to infiltrate critical network systems in target countries. At the same time, the report reveals that the U.S. has abused Section 702 of the Foreign Intelligence Surveillance Act (FISA) domestically to conduct illegal wiretapping and data collection against Internet users worldwide, including U.S. citizens.
In terms of countermeasures, the report calls for strengthening international cooperation, upgrading cybersecurity protection capabilities, improving information monitoring and governance mechanisms, and formulating and improving relevant laws and regulations, so as to effectively respond to the cyber-hegemonic behavior of the United States and its allies. Finally, the report emphasizes the importance of global collaboration on cybersecurity and calls on all countries to work together to build a secure, stable and trustworthy Internet environment, and to prevent and curb the threats of cyber espionage and disinformation.
-
Agent Racoon malicious backdoor attacks organizations in the Middle East, Africa and other countries
"This malware family is written using the .NET framework and leverages the Domain Name Service (DNS) protocol to create...
-
Mantis: New tool used in attacks on Palestinian targets
Espionage groups invest time and effort in avoiding detection and persisting on compromised networks.
The Mantis cyber espionage group (aka Arid Viper, Desert Falcon, APT-C-23), a threat actor believed to operate within the Palestinian territories, is conducting ongoing attacks, deploying an updated toolset and going to great lengths to maintain a persistent presence on targeted networks.
The group is known for targeting organizations in the Middle East, but the recent activity discovered by Symantec, a subsidiary of Broadcom Software, is focused on organizations in the Palestinian territories. The malicious activity began in September 2022 and continued until at least February 2023. This kind of targeting is not unprecedented for the Mantis group: Symantec previously documented attacks by the group against individuals located in the Palestinian territories in 2017.
-
New “HrServ.dll” Web Shell Detected in APT Attack Against Afghan Government
The latest analysis released by Kaspersky security researcher Mert Degirmenci shows that the web shell is a dynamic link library (DLL) named "hrserv.dll" with sophisticated functionality, including custom encoding methods for client communication and in-memory execution. An investigation by the Russian cybersecurity firm Kaspersky found artifacts dating back to early 2021 based on their compilation timestamps...
-
Investigation report on the US NSA attack on Northwestern Polytechnical University in China
Recently, Northwestern Polytechnical University issued a "Public Statement" stating that the school suffered from overseas cyber attacks. The Beilin Branch of the Public Security Bureau of Xi'an City, Shaanxi Province immediately issued a "Police Information Bulletin", confirming that a number of Trojan horse program samples originating from abroad were found in the information network of Northwestern Polytechnical University. The Xi'an police...
-
Thoughts on security protection after Google experienced an APT attack
The following is adapted from remarks delivered by Google's President of Global Affairs, Kent Walker, at the 2022 Cybersecurity International Conference on July 19, 2022. Thank you for the opportunity to participate in this important conversation about cybersecurity. At Google, I…