Anomali discovers phishing campaign targeting Chinese government agencies
Anomali, a leader in intelligence-driven cybersecurity solutions, published its latest research report at Black Hat USA 2019: Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations.
The Anomali Threat Research Team discovered this new phishing attack leveraging spoof sites that appear to be designed to steal email credentials from target victims within the government of the People’s Republic of China. Although the attackers’ exact motivation is unknown, it is logical to conclude that this is an espionage campaign.
With stolen email credentials and access to internal email content, intruders could gain insight into decisions being made within the target organizations. Once inside, threat actors could also reach other sensitive information.
Attack victims are members of staff at the organizations being targeted. Most of the organizations being phished relate to economic trade, defense, aviation, and foreign relations. This suggests that the attackers are likely an actor or group operating under a mandate to understand China’s international goals.
China-based CERT 360 has previously reported on related indicators attributed to BITTER APT. This group is known to operate out of a South Asian country and is described as a suspected Indian APT in open-source reporting. Historically, BITTER APT campaigns have primarily targeted China, Pakistan and Saudi Arabia.
Phishing defense
Although the attack identified targets officials within the government of the People’s Republic of China, all organizations should understand that threat actors use the same methods and techniques against both the public and private sectors.
Organizations at risk of being targeted in the manner observed should take several basic precautionary steps: put security controls in place that integrate threat intelligence about active attacks, deploy defense-in-depth protections including firewalls, and run regular security training for employees that includes anti-phishing education.