31
submitted 9 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
top 3 comments
sorted by: hot top controversial new old
[-] lemmyseizethemeans@lemmygrad.ml 4 points 9 months ago

When Americans do it they are 'script kiddies'. When China does it, it's 'State Sponsored or something

[-] wahming 0 points 9 months ago

If you had bothered reading the article, the methods used are extremely advanced. Nothing 'script kiddy' about it.

[-] autotldr@lemmings.world 2 points 9 months ago

This is the best summary I could come up with:


Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.

According to the MIVD and AIVD, the RAT operates outside of traditional detection measures and acts as a second-stage malware, mainly to establish persistent access for attackers, surviving reboots and firmware upgrades.

In the cybersecurity advisory published today, authorities said the malware was highly stealthy and difficult to detect using default FortiGate CLI commands, since Coathanger hooks most system calls that could identify it as malicious.

"MIVD and AIVD emphasize that this incident does not stand on its own, but is part of a wider trend of Chinese political espionage against the Netherlands and its allies," the advisory reads.

After gaining an initial foothold inside the network, which was used by the MOD's research and development division, the attackers performed reconnaissance and stole a list of user accounts from the Active Directory server.

For those worried about whether Chinese cyberspies are lurking in their firewall, the Joint Signal Cyber Unit of the Netherlands (JCSU-NL) published a full list of indicators of compromise (IOCs) and various detection methods on its GitHub page.


The original article contains 731 words, the summary contains 197 words. Saved 73%. I'm a bot and I'm open source!

this post was submitted on 06 Feb 2024
31 points (97.0% liked)

Security

5010 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS