The NSA released this week a comprehensive report with explicit details of the extent of the activity and ‘Tradecraft’ of the APT40 unit of the PRC. This is just confirmation of what we already know, and it was addressed by both FBI Director Christopher Wray and NSA Chief General Timothy Haugh in testimony to Congress this summer. But now all of the details of PRC activities and tradecraft are explicitly laid out.
The joint cybersecurity advisory (CSA) describes how APT40 can rapidly exploit new public vulnerabilities in widely used software. Additionally, the group has evolved its tradecraft and embraced a global trend to use compromised devices, including home office devices, as operational infrastructure. Other PRC state-sponsored actors are using the same techniques, posing a threat to networks worldwide.
Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability. APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets. This regular reconnaissance postures the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities from as early as 2017.
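The pattern described above, reconnaissance for end-of-life or unmaintained devices followed by rapid use of public exploits, is something a defender can pre-empt by triaging their own inventory the same way. The following is an added example, not code from the advisory or from Faction: it ranks internet-facing assets by whether their product is past end-of-life, missing a fix for a vulnerability that is known to be exploited in the wild, or simply not in the maintained catalog at all. The product names, versions, EOL dates and vulnerability records are all constructed sample data, and versions are assumed to be plain dotted integers.

```python
"""Exposure triage: rank assets that fit the advisory's target profile
(end-of-life, unmaintained, or unpatched against publicly exploited bugs).
Added example with constructed data; not the advisory's or Faction's code."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Asset:
    name: str
    product: str
    version: str
    internet_facing: bool


@dataclass
class ProductInfo:
    eol: Optional[date]                      # None means still supported
    # Each entry: (first fixed version, known to be exploited in the wild)
    vulns: List[Tuple[str, bool]] = field(default_factory=list)


def parse_version(v: str) -> tuple:
    """Assumption: versions are dotted integers like '9.2.1'."""
    return tuple(int(p) for p in v.split("."))


def triage(assets, catalog, today: date):
    """Score each asset; higher score means patch or decommission first."""
    results = []
    for a in assets:
        info = catalog.get(a.product)
        reasons, score = [], 0
        if info is None:
            # Unknown product: nobody is tracking fixes or EOL for it
            reasons.append("product not in maintained catalog")
            score += 2
        else:
            if info.eol is not None and info.eol <= today:
                reasons.append(f"end-of-life since {info.eol.isoformat()}")
                score += 3
            for fixed_in, exploited in info.vulns:
                if parse_version(a.version) < parse_version(fixed_in):
                    tag = "exploited in the wild" if exploited else "public fix available"
                    reasons.append(f"unpatched, fixed in {fixed_in} ({tag})")
                    score += 5 if exploited else 1
        if a.internet_facing and score > 0:
            # Reachable from the Internet: exactly what reconnaissance finds
            reasons.append("internet-facing")
            score *= 2
        results.append({"asset": a.name, "score": score, "reasons": reasons})
    results.sort(key=lambda r: (-r["score"], r["asset"]))
    return results


# Constructed sample catalog and inventory (not real products or findings)
SAMPLE_CATALOG = {
    "examplevpn": ProductInfo(eol=None, vulns=[("9.2.1", True)]),
    "oldrouter-os": ProductInfo(eol=date(2021, 6, 30), vulns=[("3.4.0", False)]),
    "webapp-fw": ProductInfo(eol=None, vulns=[]),
}
SAMPLE_ASSETS = [
    Asset("vpn-gw-01", "examplevpn", "9.1.7", True),
    Asset("branch-rtr-07", "oldrouter-os", "3.3.2", True),
    Asset("intranet-app", "webapp-fw", "5.0.0", False),
    Asset("legacy-nas", "unlisted-nas", "1.0", True),
]


def run_sample(today: date = date(2024, 7, 10)):
    return triage(SAMPLE_ASSETS, SAMPLE_CATALOG, today)


if __name__ == "__main__":
    for row in run_sample():
        print(f"{row['score']:>3}  {row['asset']:<15} {'; '.join(row['reasons'])}")
```

The weighting is deliberately simple: an unpatched, publicly exploited bug on an internet-facing box outranks an end-of-life device with only a non-exploited fix outstanding, and both outrank an unknown device, but anything reachable from the Internet doubles in priority because that is what the group's reconnaissance is looking for.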
The level of detail and disclosure in itself is new and important. As Gary Miller, Faction Advisor and Founder of the Mobile Intelligence Alliance puts it:
This is a big deal. We monitor APT40 spyware and the NSA posting this overview as an international multi-agency report is a significant milestone.
Faction’s Take: The Internet is NOT Safe
As we have said: The System is Blinking Red.
We entered a new era of cybersecurity over a decade ago, where it is not just criminal gangs that want your data. Three things have made this even worse in recent years:
- AI – gives even more power to the attackers, who are always 3 steps ahead.
- IOT – we are connecting all manner of critical devices and infrastructure to the Internet.
- Great Power Conflict – we are now dealing with hostile nation-state actors engaged in ongoing low-level cyberwarfare, while actively working and preparing to wreak havoc across our society and economy on a scale not seen before – should the need arise.
The assumptions upon which cybersecurity architectures have been designed are based on a ‘good enough’ approach that simply does not apply to the world we now live in. We need a fundamentally new approach built on a truly Zero Trust architecture. That’s what Faction is dedicated to: it’s critical, and the time is well past now for this to happen.