U.S. Organization in China Targeted by Attackers

A large U.S. entity with significant operations in China faced a four-month-long cyber intrusion, likely conducted by a China-based threat actor. The attackers obtained persistent network access, moved laterally across systems, compromised Exchange servers to harvest emails, and deployed exfiltration tools, suggesting data theft. Tactics involved DLL sideloading, credential dumping, remote execution tools, and reconnaissance of Active Directory.

Author: AlienVault

Related Tags: credential access, T1207, exfiltration, T1558, lateral movement, China, T1518, espionage, T1012

Associated Indicators: