In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We've designated this group "Unfading Sea Haze" based on their persistence and focus on the region. The targets and nature of the attacks suggest alignment with Chinese interests.

This wasn't just about uncovering the present activities of Unfading Sea Haze. It was a journey through time, a digital archaeology of sorts. Our investigation, spanning at least eight victims – primarily military and government targets – stretched back to 2018. We documented Unfading Sea Haze’s current tactics, techniques, and procedures (TTPs), but also the tools they developed in the past.

This was interesting research (I wrote the report), especially given that the threat actor remained anonymous for 6 years. AMA about this research if interested, happy to help fellow security enthusiasts!

The MSBuild technique using SMB accessible from the Internet was a very interesting technique IMHO (there is a diagram, I cannot paste it here).


https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/ submitted by /u/MartinZugec