November 23, 2024 at 07:24AM
Storm-2077, a new Chinese state-sponsored cyber threat actor, targets U.S. government and NGOs, along with global industries. They utilize phishing and exploits to access sensitive data. Concurrently, Google’s TAG exposed GLASSBRIDGE, a pro-China influence operation using fake news sites to promote state narratives, undermining legitimate news sources.
### Meeting Takeaways – Nov 23, 2024
1. **Emergence of Storm-2077**:
– A newly identified threat actor named Storm-2077 is targeting U.S. government and non-governmental organizations, with activities believed to have commenced in January 2024.
– Storm-2077 has executed cyber attacks on various sectors, including the Defense Industrial Base, aviation, telecommunications, and financial/legal services globally.
2. **Affiliation with TAG-100**:
– Storm-2077’s activities overlap with the threat group designated as TAG-100 by Recorded Future’s Insikt Group.
3. **Attack Methods**:
– The group utilizes publicly available exploits to compromise internet-facing edge devices, allowing for the deployment of tools such as Cobalt Strike, Pantegana, and Spark RAT.
– Credential harvesting from eDiscovery applications via phishing is employed for intelligence-gathering, enabling subsequent exfiltration of sensitive emails.
4. **Access to Cloud Environments**:
– Storm-2077 has gained unauthorized access to cloud environments through compromised endpoints, creating applications with mail read rights after achieving administrative access.
5. **GLASSBRIDGE Influence Operation**:
– Google’s Threat Intelligence Group has reported on GLASSBRIDGE, a pro-China influence operation utilizing fake news websites to promote narratives favoring China.
– Over a thousand websites linked to GLASSBRIDGE have been blocked from Google News and Discover since 2022.
6. **Operation Methods and Entities**:
– GLASSBRIDGE operates through digital PR firms that disguise themselves as independent news outlets, republishing content from state media and other sources aligned with China’s political agenda.
– Notable entities involved include Shanghai Haixun Technology, Times Newswire/Shenzhen Haimai Yunxiang Media, and Shenzhen Bowen Media.
7. **Regional Tailoring of Content**:
– By posing as local news outlets, GLASSBRIDGE manipulates narratives to appear as legitimate news, targeted toward specific regional audiences.
This summary encapsulates the main points discussed regarding recent cyber threats and information operations connected to China. Further updates and in-depth analysis can be accessed via social media channels.