These files appear as photo uploads to a website, but are in fact files of stolen data simply masquerading as a JPG.ĬozyBear appears to prefer targeting high-value government-related departments in the US, UK, European Union (including Norway and Germany), South Korea and Uzbekistan. CozyBear can also hide its network activity by using fake.By using the likes of Twitter to send information to the C&C, it helps them avoid detection. One technique CozyBear uses that isn't seen so much in some of the other APTs on this list is that the Russian actors use social media to communicate with their command and control (C&C) centre.In an alternative technique, victims were shown a Flash video called "Office Monkeys LOL Video.zip", which was not only a video player but also a dropper for the group's CozyDuke malware kit.
#Modern espionage techniques pdf#
Victims are sent to a hacked website that contains a ZIP archive of CozyBear's malware, which displays as an empty PDF decoy to the user.The group has used wide-net phishing commonly (in contrast to the spear-phishing attacks of many of the groups below), sending sometimes thousands of emails to a broad range of targets.These are some of the notable attack vectors: Having been in operation for so long, CozyBear has been associated with a number of different malware kits, and changes toolset frequently. Other known names: APT29, YTTRIUM, The Dukes and Office Monkeys. An attack on the Norwegian government.The Democrat party (DNC) hack from the 2016 US elections.Spear phishing activities against coronavirus researchers in the UK.As you can imagine, this means they've had quite a history, having been the suspects behind numerous major cyber attacks:
They've been in operation for quite some time, with researchers dating their activities as far back as 2008. This APT is believed to be Russian in origin, likely backed by the FSB. Hitting headlines recently as the suspected perpetrators of the SolarWinds attack, CozyBear is probably one of the most prominent cyber espionage groups in this list. Read more: " Should German businesses care about the SolarWinds hack?" 1.
#Modern espionage techniques how to#
The world's new reality is inescapable: cyber espionage groups are out there, and even if your organization isn't a direct target, it's increasingly likely that you may still suffer their impact.Īs we learned during the recent SolarWinds hack, the fact that our world has turned to a highly digital supply chain means companies are so intertwined that if one falls, it can knock out hundreds, if not thousands, more.īut what cyber espionage groups - also known as advanced persistent threats (APT) - are out there right now? What are their common techniques and what have they been doing recently? Below we outline a list of 10 of the top APT groups to be aware of in 2021 - and how to defend against common hacker tactics.
0 kommentar(er)
