Chinese APT Analysis “APT30”

October 26, 2017December 17, 2017 / Miguel Bigueur / Leave a comment

china-internet-outage

APT30 is a Chinese based, well organized, state sanctioned Cyber Espionage operation. The group is most notably known for its decade long use of the same sets of tools and tactics. The group’s main objective is the acquisition of private government information relating to socio and geo-political influence as conducted through long duration cyber espionage campaigns. APT30’s targets predominantly consist of organizations that satisfy its own governmental requirements for intelligence gathering. Some of the earliest domain registrations and malware compilation times date as far back as 2004 with its associated use of C2 server domains dating back to 2005. Continue reading →

Russian APT Analysis “APT29, aka, The Dukes”

October 20, 2017December 16, 2017 / Miguel Bigueur / Leave a comment

the-dukes-apt29-one-of-russia-s-cyber-espionage-hacking-squads-492021-2

APT29, The Dukes, a term coined by security researchers at Kaspersky Labs, are a well funded, highly resourceful and dedicated group of organized cyber espionage hackers that have been linked to the Russian Federation dating back as far as 2008. Their primary mission traditionally has been to perform intelligence gathering in an effort to support Russian foreign and security policies. The Dukes have access to a vast arsenal of malware toolsets, which have been identified as OnionDuke, CosmicDuke, MiniDuke, GeminiDuke, HammerDuke, PinchDuke, SeaDuke, and CloudDuke to name a few.

Continue reading →

figure 1

Plan A B or C Choice Showing Strategy Change Or Dilemmas

figure 1

Incident coordinator pressing INCIDENT RESPONSE on an interactive touch screen. Computer security concept. Man in blue suit is highlighting an open lock among forensic tool icons signifying a breach.