
Monitoring networks for Chinese State-Sponsored Cyber Operations

The US federal government recently took an unprecedented step in the fight against cyber espionage, publishing detailed technical guidance on tactics and techniques used by Chinese state-sponsored actors.

The NSA, CISA, and the FBI have done the security community a great favor by making this material public, mapping tactics and techniques to MITRE ATT&CK, and providing a breakdown of specific exploited vulnerabilities.

Notably, instead of cautioning against stealthy zero-days, this alert reminds us of the importance of basic security hygiene like prompt patching, since these actors typically race to weaponize exploits upon public release of new vulnerabilities. The alert also calls out their usage of popular off-the-shelf tools like Cobalt Strike and common tactics like hopping through proxies to obfuscate country of origin, which has been common in online crime for decades now.

Thus, with the right monitoring and detection technologies and processes in place, these attackers can be identified fairly reliably.

In the spirit of the original bulletin and our open-source heritage, Corelight has produced a document breaking down our ability to identify and detect these attackers’ techniques, both in terms of coverage for specific vulnerabilities as well as broader guidance for larger topics like exfiltration and C2 obfuscation. Used in combination with Corelight’s ATT&CK-aligned Threat Hunting Guide and the operational guidance provided by our Technical Account Management team, this new document will help Corelight customers fast-forward their ability to detect and evict these attackers.

Of course, the mitigations from this bulletin apply to other attackers as well. The specific vulnerabilities outlined in the document are all in wide exploitation by an array of attackers, and fundamental strategies such as “Enhance monitoring of network traffic, email, and endpoint systems” are sound advice regardless of whether you’re dealing with a script kiddie or a nation-state. That’s why strategic investments in comprehensive monitoring will pay dividends for your entire security program: making it harder for one attacker makes it harder for all of them.
