Posts

Showing posts with the label TurbinePanda

One Way Or Another: Initial Access Vectors

Artwork by @laelcillustrate

The aim of this blog is to highlight initial access techniques that you’ve potentially not heard of before. You're unlikely to find these in the MITRE ATT&CK framework and these are pretty unlikely to happen day-to-day, but they are perfectly valid for persistent attackers. How to implement detection for these techniques also depends on your threat model and who is trying to target you or your organisation. Traditional initial access techniques for common threats such as Ransomware operators or Advanced Persistent Threat (APT) groups include phishing for credentials, malicious spam containing malware, obtaining RDP credentials via brute force or purchasing them from underground markets, and exploiting a vulnerability in a public-facing system. The techniques discussed in this blog, however, require a bit more determination, opportunism, and lateral thinking. >> I've added some "Bushido comments" offering m...

Fantastic APTs and Where to Find Them

Sophisticated computer security breaches in some of the most heavily defended networks around the world have been orchestrated by so-called Advanced Persistent Threat (APT) groups. Many of these APTs operate on behalf of a nation state’s intelligence agency or military. They can even be private sector hacking groups, hired for specific operations. An APT group specialises in gaining access, maintaining it, and executing post-exploitative activities while remaining undiscovered. There are also many types of APT attack campaigns. This can include, but is not limited to, intelligence gathering operations, intellectual property theft, sabotage and data destruction, and exploitation for financial gain.

Intelligence gathering, cyber-espionage

One such APT that exemplifies this type of behaviour is known as the Naikon APT group. In May 2020, Check Point disclosed new evidence of an ongoing cyber-espionage campaign against several national government entities in the Asia Pacific (APAC) ...