China (APT20): It appears that a Chinese APT which has been quiet for years may have returned with an operation spanning multiple industries. Little has been seen of APT20 since 2014, but new evidence suggests that Violin Panda has been active again with a campaign that appears to have begun in early 2018. It currently looks like the campaign was spread across 10 countries: United States, United Kingdom, France, Germany, Italy, Mexico, Portugal, Spain, Brazil, and China. Few industries have been safe from becoming targets as the group hit organizations in aviation, construction, energy, finance, health care, insurance, software development, and multiple other industries. While it seems odd that a Chinese APT would target anything within China, the currently unnamed entity was identified as a semiconductor manufacturing company–meaning it would likely contain valuable information for Chinese government-owned manufacturing of semiconductors. The group typically operates by gaining entry to an organization through exploiting vulnerable webservers. From there, the group works to identify users with privileged access, such as system administrators (sysadmin). Keyloggers are then utilized by the group to capture passwords, and in at least one case the group was able to compromise an RSA SecureID two-factor authentication system (2FA).
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.