U.S. Organization in China Targeted by Attackers

Published 06/12/2024 17:11 · Modified 06/12/2024 17:25

Essential information

Published: 06/12/2024 17:11
Modified: 06/12/2024 17:25
Tags: 2024-12-06, apt, credential access, espionage, exfiltration, lateral movement, textinputhost.dat
Related entities: 13 observables, 1 intrusion set (apt), 10 techniques (mitre), 1 other

Description

A large U.S. entity with significant operations in China faced a four-month-long cyber intrusion, likely conducted by a China-based threat actor. The attackers obtained persistent network access, moved laterally across systems, compromised Exchange servers to harvest emails, and deployed tooling consistent with data theft. Tactics included DLL sideloading, credential dumping, remote execution tools, and reconnaissance of Active Directory.

External references