The European Union Agency for Cybersecurity (ENISA) and CERT-EU are warning of multiple Chinese advanced persistent threat (APT) actors targeting businesses and government organizations in the EU.
The observed malicious activity, the agencies say in a joint advisory (PDF), can be attributed to several known Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, Gallium, and Mustang Panda.
“These threat actors present important and ongoing threats to the European Union. Recent operations pursued by these actors focused mainly on information theft, primarily via establishing persistent footholds within the network infrastructure of organizations of strategic relevance,” the advisory reads.
The ongoing activity, the agencies say, should prompt organizations in the EU to improve their security posture and enhance their ability to detect cyberattacks, as well as their resilience to such attacks.
Cyberattack detection, the agencies say, involves log collection and review, monitoring of device activity and the use of curated threat intelligence and intrusion detection signatures, along with regular threat hunting.
Organizations should also implement strategies to detect and prevent PowerShell-based attacks and lateral movement that abuses NTLM and Kerberos protocols, and should educate users to immediately report any suspicious activity.
To reduce the risks of compromise, organizations are advised to follow security best practices to harden products and protect high-privileged accounts and key assets, and to follow best practices for identity and access management.
Organizations are advised to maintain updated inventories of all assets, both physical and virtual, to block or reduce egress internet access for systems that are rarely rebooted, to implement a backup strategy, and to implement access controls for all end users and external third-party contractors.
Implementing network segmentation, ensuring cloud environments are properly secured, implementing a resilient email policy to block malicious messages, implementing prevention for pass-the-ticket attacks, and educating users and employees on phishing and other threats should also help organizations improve their cyber resilience.
Additionally, organizations should implement an incident response plan that involves assessing the severity of an incident based on impact, and ensure clear communication with internal stakeholders.
When responding to an incident, organizations should assess what triggered an event and its potential impact, collect evidence from impacted systems, use all available telemetry sources, fix the root cause of an attack and ensure the incident is fully contained, and keep a detailed record of all actions taken.
Related: China’s Hacking of European Diplomats Aligns With Russia-Ukraine Conflict
Related: Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT
Related: US Blacklists 6 Chinese Entities Over Balloon Program
More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
