Operation Crimson Palace

Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware executable. The hunt uncovered a complex, persistent cyberespionage campaign by Chinese state-sponsored actors targeting a high-profile government organization in Southeast Asia. Three distinct clusters of intrusion activity, designated Alpha, Bravo, and Charlie, were identified operating from at least March to December 2023. This report provides an in-depth technical analysis of the tactics, techniques, and procedures used by each cluster, including credential access, lateral movement, persistence mechanisms, command-and-control infrastructure, defense evasion tactics, and data exfiltration methods. It also details previous compromises observed within the same organization dating back to early 2022.