With the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other U.S. and international partners, we published a joint advisory that outlines the activity and tradecraft of a state-sponsored cyber group associated with the PRC Ministry of State Security. It is based on the current, shared understanding of the advanced persistent threat group APT 40 and recent ASD’s ACSC incident response investigations. https://go.dhs.gov/3mu APT 40 demonstrates agility in quickly using public exploit proofs of concept (POCs) to target networks of interest, conducts regular reconnaissance against networks of interest, and rapidly exploits new public vulnerabilities in widely used software. To help cybersecurity practitioners identify, prevent and remediate APT 40 intrusions against their own networks, the advisory provides a couple of significant case studies of this adversary’s malicious activity against victim networks. Recommended mitigations to reduce the risk of being compromised by similar activity include comprehensive and historical logging, prioritizing patching for all internet-exposed devices and services, and segmenting networks to limit or block lateral movement. https://go.dhs.gov/3mu
Cybersecurity and Infrastructure Security Agency’s Post
More Relevant Posts
🚨Today the Australian Signals Directorate and other international partners published a joint advisory about the current threat to Australian networks from state-sponsored cyber groups tracked as Advanced Persistent Threat (APT) 40: Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk. These state-sponsored groups have repeatedly targeted Australian networks, including government and private sector networks in the region. They have embraced the global trend of using compromised devices, including small-office/home-office (SOHO) devices, many of which are end-of-life or unpatched and offer a soft target for N-day exploitation. Mitigations that can reduce the effectiveness of this activity include:
▶ Patch management
▶ Network segmentation
▶ Logging and detection
#cybersecurity #industrialcyber #australia
APT40 Actors Target Newly Discovered Vulnerabilities on Public-Facing Devices. The Cybersecurity and Infrastructure Security Agency advisory details the tactics, techniques, and procedures (TTPs) used by APT40, a cyber actor group affiliated with China's Ministry of State Security (MSS).
Key Points:
Targets: APT40 focuses on Australian networks and government/private sector networks regionally. Their activity poses a continuous threat.
Rapid Exploitation: APT40 has shown a capability to quickly exploit newly discovered vulnerabilities in widely used software.
Evolving TTPs: The group leverages compromised devices, including those in home office environments, as operational infrastructure. This aligns with a broader trend by Chinese state-sponsored actors.
Reconnaissance Focus: APT40 conducts regular reconnaissance to identify vulnerable systems (unpatched, end-of-life) within target networks.
The advisory also details findings from Australian Signals Directorate (ASD) investigations into two successful APT40 network compromises, providing valuable insights into their attack methods.
Advisory Link:
Treat internet-facing devices differently in your patching plan, enable MFA, and audit privileged account activity. #cybersecurity #networkdefense #malware #incidentresponse #ciso #vciso
This is very telling of the state of cyber defense today. The MITRE ATT&CK table is better formatted than the SIGMA rule, and there are at least 12 agencies that collaborated on this report. Also, the following statement is highly questionable: "AppData folders are excluded if a file is run as SYSTEM - this is a benign way in which many temporary application files are executed."

```yaml
appdata:
    Image|contains: '\\AppData\\'
    User: 'SYSTEM'
condition: writable_path and not appdata
```

https://lnkd.in/eHBh6c8J
APT40 Advisory
cyber.gov.au
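To make the effect of that exclusion concrete, here is an added example (not code from the post or from the APT40 advisory) that evaluates the quoted Sigma fragment over constructed Sysmon-style process events. The `writable_path` selection is not shown in the post, so the path markers below are an assumption standing in for it.

```python
# Added example: a tiny evaluator for the quoted Sigma fragment, run over
# constructed process-creation events so the effect of the 'appdata'
# exclusion on SYSTEM executions is visible.
from typing import Dict, List, Tuple

Event = Dict[str, str]

# ASSUMPTION: the post quotes only the 'appdata' selection and the condition.
# The 'writable_path' selection is not shown, so these markers stand in for it.
WRITABLE_PATH_MARKERS = ("\\Users\\", "\\ProgramData\\", "\\Windows\\Temp\\")


def writable_path(event: Event) -> bool:
    """Stand-in for the unseen selection: image lives under a user-writable path."""
    image = event.get("Image", "").lower()
    return any(marker.lower() in image for marker in WRITABLE_PATH_MARKERS)


def appdata(event: Event) -> bool:
    """The quoted selection: Image|contains '\\AppData\\' AND User equals 'SYSTEM'.
    Sigma string matching is case-insensitive; fields in one selection are ANDed."""
    image = event.get("Image", "").lower()
    return "\\appdata\\" in image and event.get("User", "").lower() == "system"


def matches(event: Event) -> bool:
    """condition: writable_path and not appdata"""
    return writable_path(event) and not appdata(event)


def suppressed_by_exclusion(events: List[Event]) -> List[Event]:
    """Events the base selection would flag but the 'appdata' exclusion silences:
    exactly the executions the post argues should not be assumed benign."""
    return [e for e in events if writable_path(e) and appdata(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Event] = [
    {"Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Users\\svc\\AppData\\Roaming\\loader.exe", "User": "SYSTEM"},
    {"Image": "C:\\ProgramData\\agent\\agent.exe", "User": "SYSTEM"},
    {"Image": "C:\\Windows\\System32\\svchost.exe", "User": "SYSTEM"},
]


def evaluate(events: List[Event]) -> List[Tuple[str, bool]]:
    return [(e["Image"], matches(e)) for e in events]


if __name__ == "__main__":
    for image, hit in evaluate(SAMPLE_EVENTS):
        print(f"{'ALERT ' if hit else 'ignore'}  {image}")
    for e in suppressed_by_exclusion(SAMPLE_EVENTS):
        print("suppressed by appdata exclusion:", e["Image"])
```

The second sample event, an executable under a user's AppData running as SYSTEM, is the case the rule drops; anyone adopting the rule should decide whether that is the trade-off they want.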
UK’s National Cyber Security Centre Plans Major Revamp. The UK’s National Cyber Security Centre (NCSC) is set to overhaul its Active Cyber Defence (ACD) programme with a new suite of services, dubbed ACD 2.0. This initiative aims to address gaps in the market and enhance national cyber resilience. The NCSC plans to collaborate with government, industry, and academia to develop innovative solutions, focusing on areas where the private sector falls short. This strategic refresh will ensure the UK remains at the forefront of cyber defence. #CyberSecurity #NCSC #TechNews #CyberDefence #Innovation #UKTech #DataProtection
UK's next-gen Active Cyber Defence program in the works
theregister.com
You cannot make this up. If you have been looking for a sign to be proactive and take cybersecurity seriously, this is it. The Australian Signals Directorate has made it known that the cyber-espionage group Advanced Persistent Threat 40, otherwise known as APT40, has been targeting a string of Australian government and private sector networks. APT40 is not your everyday threat actor; if anything, they are quite the opposite within the capability department and should be taken seriously. Whilst the extensive list of victims is disclosed for confidentiality reasons, their primary focus surrounds organisations with VALUABLE INTELLECTUAL PROPERTY or STRATEGIC Information. Targets typically include:
Technology Companies: They have targeted technology firms to steal proprietary information, source code, and sensitive business data.
Defense Contractors: APT40 has attacked defense contractors to gather intelligence on military capabilities, weapons systems, and defense strategies.
Aerospace Industry: Aerospace companies have been targeted for their research and development data, aircraft designs, and manufacturing processes.
Government Agencies: They have infiltrated government agencies to gain access to classified information, geopolitical strategies, and diplomatic communications.
Maritime Organisations: APT40 has shown interest in maritime industries, potentially targeting shipping companies and maritime logistics firms for strategic information.
Research Institutions: Academic and research institutions are also at risk due to their involvement in cutting-edge research and development across various fields.
#cybersecurity #cyberresilience #cyberawareness #cyberattacks
APT40 is a cyber group actively targeting Australian and regional government and private sector networks. We urge everyone to implement detection and mitigation strategies, starting with robust logging and detection practices. Key actions to take:
1. Log everything: Capture web server requests, Windows events, and internet activity to ensure comprehensive and historical logging information.
2. Centralise logs: Store logs in one place for easy access and faster investigations.
3. Retain logs for a suitable period: Keep logs for extended periods to help detect and trace suspicious activities.
Implement these steps to stay ahead of cyber threats and increase the effectiveness and speed of investigative efforts. For detailed advice and recommendations, read our APT40 advisory at 👉 https://lnkd.in/gVNw_EkF
The Australian Signals Directorate’s (#ASD) Australian Cyber Security Centre (#ACSC), has just released an advisory report on #APT40 activity, including #IOC and #TTP and mitigation strategies. APT40 is a Chinese threat group responsible for many #cyberespionage campaigns in the region and globally. This is an important read if you work in #cybersecurity and #DFIR. #infosec #CISO #malware #threatintelligence https://lnkd.in/gvCFpM5R
APT40 Advisory
cyber.gov.au
The U.K. National Cyber Security Centre (NCSC) is inviting organizations to contribute evidence of #cyberdeception use cases and efficacy to support the nation’s long-term research goals. This comes as the U.K. recently brought together international government partners and wider U.K. government and industry at a conference to discuss cyber deception in #cyber defense at its headquarters in London. The NCSC will collect the evidence from participating organizations as well as its own experiments, summarize in aggregate, and publish. As part of this endeavor, Ollie W., NCSC CTO and Harry W, NCSC incident management technical director identified two primary use cases for the technologies and solutions to provide value in #cyberdefense. https://lnkd.in/gQc6-uUy
NCSC calls for evidence on cyber deception use cases to establish long-term research goals
https://industrialcyber.co
Recommended 3 minute read! For those seeking more awareness on major league cyber threats (industry term is APT = Advanced Persistent Threat) and what to do to mitigate it.
To all the Fortinet Admins in my network: read the article below regarding a critical FortiOS remote code execution (RCE) vulnerability (CVE-2024-23113) that CISA has revealed attackers are actively exploiting. This flaw allows unauthenticated threat actors to execute commands or arbitrary code on unpatched devices. The vulnerability affects FortiOS 7.0 and later, FortiPAM 1.0 and higher, FortiProxy 7.0 and above, and FortiWeb 7.4. Fortinet disclosed and patched this flaw in February, advising admins to remove access to the vulnerable daemon as a mitigation measure. However, CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, and U.S. federal agencies must patch their systems by October 30. The Dutch Military Intelligence and Security Service (MIVD) also reported that Chinese hackers exploited a similar FortiOS RCE vulnerability (CVE-2022-42475) to infect over 20,000 FortiGate devices with malware. #cybersecurity #dynamotechnologies #usda #alphaomega #cvp #vknowit
CISA says critical Fortinet RCE flaw now exploited in attacks
bleepingcomputer.com
Comment from: NUS Gold Medal Awardee, UP CV School of Business Distinguished Alumni, CISO, Call Center Ops, Network Ops, Big Data Analytics (5mo)
While the joint advisory provides valuable insights into APT 40’s activities, it’s crucial to consider the broader context of cybersecurity. Solely focusing on state-sponsored groups might lead us to overlook other significant threats. Cybersecurity is a complex ecosystem with diverse actors, including non-state hackers, insider threats, and cybercriminals. Additionally, advisories often emphasize defense, but we must also invest in proactive measures and cyber education to build a more resilient digital infrastructure. It’s about balancing vigilance with an understanding that threat landscapes are multifaceted and ever-evolving.