ThreatConnect and Defense Group Inc. Uncover Extensive Chinese Cyber Espionage Campaign Targeting South China Sea Interests

High-Fidelity Threat Intelligence Report Links “Naikon” Advanced Persistent Threat Activity to Chinese Military Unit Employing Offensive Cyber Operations Against Military, Diplomatic and Economic Targets

Project CAMERASHY: Closing the Aperture on China's Unit 78020 - a Threat Intelligence Report from ThreatConnect and DGI (Graphic: Business Wire)

ARLINGTON, Va. -- ThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), and open source cyber intelligence company Defense Group Inc. (DGI) today unveiled a report attributing a sophisticated cyber espionage campaign, orchestrated by an Advanced Persistent Threat (APT) group known as “Naikon,” with interests in the South China Sea to a Chinese People’s Liberation Army (PLA) unit. Revealing the scope of how extensive cyber campaigns are readily applied to ongoing regional disputes and conflicts, ThreatConnect and DGI’s joint report, “Project CAMERASHY: Closing the Aperture on China’s Unit 78020,” documents Chinese efforts to gain the upper hand in a geopolitical stand-off by capturing information on regional rivals’ negotiating postures, economies and military capabilities.

The security community has been aware of Naikon for some time, but ThreatConnect researchers decided to take a closer look at this activity following recent breaches in the U.S. with key similarities. As businesses are being affected globally by this malicious activity, ThreatConnect and DGI felt a responsibility to inform their global user base and bring the findings to light for public consideration. In today’s security landscape, and at a time when the adversary is often ahead of its target, it is critical to share threat intelligence that organizations can use to defend their assets and sensitive information from malicious attacks.

“At ThreatConnect we are committed to analyzing intelligence within our platform that is associated with malicious activity in order to help arm others with the critical knowledge they need to protect themselves,” said Adam Vincent, CEO of ThreatConnect. “Along with DGI, we followed widely available and public evidence for several months not knowing where it would lead us. This research is a perfect example of how true threat intelligence is highly informative and offers organizations a powerful glimpse into just how sophisticated cyber campaigns operate.”

Key takeaways from the research report include:

  • For nearly five years PLA Unit 78020 used an array of global midpoint infrastructure to proxy the command and control of customized malware variants embedded within malicious attachments or document exploits.
  • Targets include government entities in Cambodia, Indonesia, Laos, Malaysia, Nepal, Philippines, Singapore, Thailand and Vietnam as well as international bodies such as United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).
  • Strategic implications for the United States include cyber threats against not only military alliances and security partnerships in the region, but risks to interests in a major artery of international commerce through which trillions of dollars in global trade traverse annually.
  • This report stands out from previous APT reports given the collaborative nature of the research, aggregation and analysis of multiple data sources, application of statistical analysis, as well as data visualization to clearly connect the points between the adversary, their capabilities, the infrastructure they used and the victims being targeted.

To create this report, ThreatConnect used a unique methodology built into their Threat Intelligence Platform called The Diamond Model of Intrusion Analysis. Using that repeatable process, any ThreatConnect user can derive a multidimensional picture of the underlying relationships between threat actors, their tools, techniques and processes.

The full Project CAMERASHY report is available at http://www.threatconnect.com/camerashy.

About ThreatConnect, Inc.

ThreatConnect, Inc. provides industry-leading advanced threat intelligence software and services including ThreatConnect®, the most comprehensive Threat Intelligence Platform (TIP) on the market. ThreatConnect delivers a single platform in the cloud and on-premises to effectively aggregate, analyze, and act to counter sophisticated cyber-attacks. Leveraging advanced analytics capabilities, ThreatConnect offers a superior understanding of relevant cyber threats to business operations. To register for a free ThreatConnect account, or to learn more about our products and services, visit: www.threatconnect.com.

Contacts

ThreatConnect, Inc.
Christine Schaefer, 1-800-965-2708
PR@threatconnect.com
