ATTACK CAMPAIGNS OF THE APT28 OPERATING MODE

During its investigations, ANSSI analyzed several compromise chains of the APT28 attack modus operandi (MOA) used for espionage purposes. Some campaigns have been directed against French organizations, including government entities, businesses, universities, as well as research institutes and think tanks.

While the attackers continue their brute-force and vulnerability exploitation campaigns, ANSSI also notes that they reduce the risk of detection by compromising poorly monitored equipment located on the periphery of the network. In some cases, no backdoors are dropped on the compromised network.

This document is based on technical reports published in open sources and on elements collected during incident response operations carried out by ANSSI. It details the tactics, techniques and procedures (TTPs) characteristic of the modus operandi's activities since the second half of 2021 (section 2) and offers a series of recommendations to protect against this type of attack (section 3).
