For HomeFor BusinessFor Partners
Anti-Malware Research Whitepapers
1 min read

Under Siege for Months: the Anatomy of an Industrial Espionage Operation

Alexandru MAXIMCIUCVictor VRABIE

July 19, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Under Siege for Months: the Anatomy of an Industrial Espionage Operation

Providing security to customers is a complex and resource-intensive endeavor in a complex world of deeply integrated technologies. As part of our commitment to keeping customers safe, we often complement our security stack offerings with managed detection and response, threat hunting and constant monitoring of customer infrastructure. The Cyber-Threat Intelligence Lab keeps a close eye on alerts and EDR reports coming from infrastructure, helping owners and maintainers navigate the early stages of compromise.

This is the case of an incident we worked on with a technology partner in the United States of America.

We identified a complex kill chain and monitored the attack through various stages to assess the extent of the breach and help the customer regain control of the network. We are releasing this research paper to help other decision-makers cover their blind spots and improve their overall security posture.

Attack at a Glance

  • Attackers managed to compromise a Patient Zero computer and used it to establish a secondary access avenue through a web shell planted on the company’s Exchange Server
  • This attack was focused on information exfiltration and spans on several months
  • During the scouting process, the threat actor managed to gain access to the company’s intellectual property and download source code from several GIT repositories
  • The group have used a network of over 650 IPs to access the company infrastructure for the duration of the attack. The vast majority of IP addresses can be traced back to China.

Download the whitepaper

Indicators of Compromise

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known indicators of compromise can be found in the whitepaper below.

Recommendations

  • Introduce cybersecurity awareness training for employees to help them spot phishing e-mails.
  • Tune the e-mail security solution to automatically discard malicious or suspicious attachments.
  • Integrate threat intelligence into existing SIEM or security controls for relevant Indicators of Compromise.
  • Small and medium organizations without a dedicated security team should consider outsourcing security operations to Managed Detection and Response providers.

tags

Anti-Malware Research Whitepapers

Author

Alexandru MAXIMCIUC

Alexandru MAXIMCIUC

I'm a veteran security researcher with more than a decade of experience. His research is mostly focused on exploits, advanced persistent threats, cybercrime investigations, and packing technologies.

View all posts
Victor VRABIE

Victor VRABIE

Victor VRABIE is a security researcher at Bitdefender Iasi, Romania. Focusing on malware research, advanced persistent threats and cybercrime investigations, he's also a graduate of Computer Sciences.

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Anti-Malware Research

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Andrei ANTON-AANEIAlina BÎZGĂ

November 18, 2024

6 min read
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Anti-Malware Research

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Anti-Malware Research Whitepapers

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender

May 22, 2024

2 min read

Bookmarks

loader