Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”
Chinese state-sponsored actor APT40 is focusing on exploiting newly disclosed software vulnerabilities (N-days), often within hours of public release, a joint government advisory has warned.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), alongside agency partners from the US, UK, Canada, New Zealand, Germany, South Korea and Japan, noted that the group prefers to exploit vulnerable, public-facing infrastructure over techniques that require user interaction, such as phishing campaigns.

APT40 conducts regular reconnaissance against target networks to identify vulnerable, end-of-life or no-longer-maintained devices on networks of interest, and to rapidly deploy exploits against them. It is capable of exploiting newly public vulnerabilities in widely used software such as Log4j, Atlassian Confluence and Microsoft Exchange within days or even hours of public release.

“Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability,” the advisory read.

The group continues to find success exploiting vulnerabilities from as early as 2017.

Once inside a network, APT40 specializes in evasion and persistence techniques to exfiltrate sensitive data on behalf of the People’s Republic of China (PRC) Ministry of State Security, the agencies assessed.

APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and remains a threat to the other authoring agencies’ nations. The group’s activity and techniques overlap with threat actors tracked as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk in industry reporting.
The ASD said that APT40 has embraced a global trend of using compromised devices, including small-office/home-office (SOHO) equipment, as operational infrastructure and last-hop redirectors for its operations in Australia. Many of these SOHO devices are end-of-life or unpatched, offering a soft target for N-day exploitation. Once compromised, such devices also provide a launching point for attacks that blend in with legitimate traffic, obfuscating malicious activity.
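The two defensive takeaways from the advisory are that a public-facing asset running a version with a known fix is at risk within hours of disclosure, and that an end-of-life device (the SOHO case above) can never be patched and must be isolated or replaced instead. The script below is an added illustration, not code from the advisory or from any of the authoring agencies: it triages a constructed asset inventory against constructed advisories and ranks what to fix first. Product names, versions, hostnames and dates are placeholders invented for the example; the 24-hour exploit window is an assumed planning figure drawn from the "within hours" claim, not a number the advisory states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# All products, versions, hosts and dates below are constructed placeholders.


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool
    end_of_life: Optional[datetime] = None  # None means the vendor still supports it


@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: str          # first version that carries the fix
    published: datetime    # moment the vulnerability became public


def parse_version(v: str) -> tuple:
    """'2.14.1' -> (2, 14, 1) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in v.split("."))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """An asset is affected if it runs the advisory's product at a version below the fix."""
    return (asset.product == adv.product
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def triage(assets, advisories, now, exploit_window=timedelta(hours=24)):
    """Rank vulnerable assets by attractiveness to fast N-day exploitation.

    Tiers: 'emergency' for anything internet-facing (public PoCs are weaponized
    within hours), 'high' for internal end-of-life devices (no patch will come),
    'scheduled' for internal supported software. Action is 'patch' where a fix
    exists for a supported product and 'isolate_and_replace' where the device is
    end-of-life. Output is sorted by tier, then oldest disclosure first.
    """
    tier_rank = {"emergency": 0, "high": 1, "scheduled": 2}
    findings = []
    for asset in assets:
        for adv in advisories:
            if not is_affected(asset, adv):
                continue
            eol = asset.end_of_life is not None and asset.end_of_life <= now
            age = now - adv.published
            if asset.internet_facing:
                tier = "emergency"
            elif eol:
                tier = "high"
            else:
                tier = "scheduled"
            findings.append({
                "host": asset.host,
                "product": asset.product,
                "version": asset.version,
                "fixed_in": adv.fixed_in,
                "tier": tier,
                "action": "isolate_and_replace" if eol else "patch",
                "hours_public": round(age.total_seconds() / 3600, 1),
                "past_exploit_window": age > exploit_window,
            })
    findings.sort(key=lambda f: (tier_rank[f["tier"]], -f["hours_public"]))
    return findings


# Constructed inventory and advisories (placeholders, not real products or CVEs).
NOW = datetime(2024, 7, 9, 12, 0, tzinfo=timezone.utc)
ADVISORIES = [
    Advisory("ExampleWebApp", "3.2.1", NOW - timedelta(hours=6)),      # disclosed this morning
    Advisory("ExampleRouterOS", "1.9.0", NOW - timedelta(days=400)),   # disclosed over a year ago
]
ASSETS = [
    Asset("web-01", "ExampleWebApp", "3.2.0", internet_facing=True),
    Asset("web-02", "ExampleWebApp", "3.2.1", internet_facing=True),   # already on the fixed version
    Asset("intranet-01", "ExampleWebApp", "3.1.7", internet_facing=False),
    Asset("soho-router-7", "ExampleRouterOS", "1.8.4", internet_facing=True,
          end_of_life=NOW - timedelta(days=200)),                      # EOL edge device
]

if __name__ == "__main__":
    for f in triage(ASSETS, ADVISORIES, NOW):
        print(f"{f['tier']:<10} {f['action']:<20} {f['host']:<14} "
              f"{f['product']} {f['version']} -> {f['fixed_in']} "
              f"(public {f['hours_public']}h)")
```

The ordering reflects the advisory's point: the internet-facing end-of-life router, vulnerable to a flaw public for over a year, outranks the freshly disclosed web application bug because the attacker needs no new capability to reach it, and the only sensible action for it is isolation and replacement rather than waiting for a patch that will not arrive.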
News source
https://www.infosecurity-magazine.com/news/chinese-state-exploits/