Okay, here's another thread bomb that's pretty much me geeking out on one of the better public #ThreatIntelligence reports to be released on #Chinese threat actors in recent memory.
recordedfuture.com/chinese-cybere…
H/T to @__winn and Sanil Chohan of @RecordedFuture 's Insikt Group.
recordedfuture.com/chinese-cybere…
H/T to @__winn and Sanil Chohan of @RecordedFuture 's Insikt Group.
One of the bigger revelations of this report is the correlation between Chinese economic and political activity and cyberespionage, a clear trend laid out throughout the report using correlative analysis.
Basically, Chinese cyber activity directly correlated with BRI talks.
Basically, Chinese cyber activity directly correlated with BRI talks.
I had a tweet bomb that hinted at this correlation last night but was mainly concerned with the dangers of the BRI/SoP activity in general.
https://twitter.com/Viking_Sec/status/1031006994809978880
The correlation is a valuable attribution mechanism when talking on the Chinese cyberespionage threat and is incredibly valuable in terms of fighting against the normal Chinese "baseless and unscientific allegations" argument against frequent allegations of espionage.
Another incredibly important point is the correlation between state-sponsored espionage targeting foreign public/private entities and espionage targeting the "Five Poisons" groups (a term I was unfamiliar with before the report)
This victimology is incredibly important to attribution, especially when approaching the Chinese threat. China has a very focused set of perceived and actual threats, and correlating "traditional" espionage to much more Sino-specific targeting (Falun Gong, activists, Tibetans)
is a really damming way to attributing threat groups to China.
The use of correlative data sets as well as geopolitical analysis paired with some top-notch technical analysis really sets this report apart.This is the required sort of publication when approaching CN threat groups
The use of correlative data sets as well as geopolitical analysis paired with some top-notch technical analysis really sets this report apart.This is the required sort of publication when approaching CN threat groups
Highlighting the connection between CN state actors and academia is important as well, as it highlights the bodies that may take financial and logistical responsibility for attack infrastructure and could take another "well we didn't know about it" excuse away from CN.
Overall, this connection is incredibly important in general, as it highlights the true reach that the PLA and CCP has in the country. Attacks can come from just about any Chinese IP space, private, public or otherwise.
Read and memorize this report. A repeated "huge thanks" to the researchers from @RecordedFuture for highlighting the unique intricacies in the Chinese threat space.
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
