Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

EU Organizations Warned of Chinese APT Attacks

ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.

The European Union Agency for Cybersecurity (ENISA) and CERT-EU are warning of multiple Chinese advanced persistent threat (APT) actors targeting businesses and government organizations in the EU.

The observed malicious activity, the agencies say in a joint advisory (PDF), can be attributed to several known Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, Gallium, and Mustang Panda.

“These threat actors present important and ongoing threats to the European Union. Recent operations pursued by these actors focused mainly on information theft, primarily via establishing persistent footholds within the network infrastructure of organizations of strategic relevance,” the advisory reads.

The ongoing activity, the agencies say, should prompt organizations in the EU to improve their security posture and enhance their ability to detect cyberattacks, as well as their resilience to such attacks.

Cyberattack detection, the agencies say, involves log collection and review, monitoring of device activity and the use of curated threat intelligence and intrusion detection signatures, along with regular threat hunting.

Organizations should also implement strategies to detect and prevent PowerShell-based attacks and lateral movement that abuses NTLM and Kerberos protocols, and should educate users to immediately report any suspicious activity.

To reduce the risks of compromise, organizations are advised to follow security best practices to harden products and protect high-privileged accounts and key assets, and to follow best practices for identity and access management.

Organizations are advised to maintain updated inventories of all assets, both physical and virtual, to block or reduce egress internet access for systems that are rarely rebooted, to implement a backup strategy, and to implement access controls for all end users and external third-party contractors.

Advertisement. Scroll to continue reading.

Implementing network segmentation, ensuring cloud environments are properly secured, implementing a resilient email policy to block malicious messages, implementing prevention for pass-the-ticket attacks, and educating users and employees on phishing and other threats should also help organizations improve their cyber resilience.

Additionally, organizations should implement an incident response plan that involves assessing the severity of an incident based on impact, and ensure clear communication with internal stakeholders.

When responding to an incident, organizations should assess what triggered an event and its potential impact, collect evidence from impacted systems, use all available telemetry sources, fix the root cause of an attack and ensure the incident is fully contained, and keep a detailed record of all actions taken.

Related: China’s Hacking of European Diplomats Aligns With Russia-Ukraine Conflict

Related: Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT

Related: US Blacklists 6 Chinese Entities Over Balloon Program

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.