Cyber Risk in the Defense Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Defense.

Report

Silk Typhoon targeting IT supply chain

Silk Typhoon is a sophisticated Chinese state-sponsored espionage group tracked by Microsoft Threat Intelligence. The group has been identified as ...

View Source

Report

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

This blog post by Microsoft Threat Intelligence describes the Seashell Blizzard intrusion set and specifically the BadPilot campaign. According to ...

View Source

Report

Cloaked and Covert: Uncovering UNC3886 Espionage Operations

This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...

View Source

Report

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...

View Source

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source

Report

Onyx Sleet uses array of malware to gather intelligence for North Korea

Following an indictment by the US Department of Justice linked to the intrusion set Microsoft track as Onyx Sleet, this report includes details of ...

View Source

Report

ANALYSIS OF THE APT31 INDICTMENT

Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...

View Source

Report

Dragonfly: Cyberespionage Attacks Against Energy Suppliers

This report by Symantec details activities of the cyberespionage group known as Dragonfly. The reporting covers a campaign which initially focused ...

View Source

Report

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting ...

View Source

Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source

Report

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

This Security Intelligence blog post by researchers at IBM's X-Force describes activity by ITG05 - a group which shows overlap with APT28/Forest ...

View Source

Report

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

This Cybersecurity Advisory from CISA and partners details activities of the People's Republic of China (PRC)-linked cyber actors known as ...

View Source

Report

Operation Blockbuster: Unraveling the Long Thread of the Sony Attack

This report by Novetta covers 'Operation Blockbuster' which was a Novetta-led coalition of private industry partners aiming to understand and ...

View Source

Report

Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign

The Insikt Group has observed the TAG-70 using cross-site scripting (XSS) vulnerabilities to target Roundcube webmail servers in Europe. The ...

View Source

Report

VOLTZITE Espionage Operations Targeting U.S. Critical Systems

This report details activity related to the VOLTZITE intrusion set as observed by Dragos. The report identifies sectors and geographies targeted ...

View Source

Report

Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Reporting from Mandiant which discusses the exploitation of Pulse Secure VPN devices in 2021 and 12 malware families associated with the campaign. ...

View Source

Report

Project CAMERASHY

This report by ThreatConnect and Defense Group Inc outlines activities by the Naikon APT (advanced persistent threat) group and attributes them to ...

View Source

Report

HAFNIUM targeting Exchange Servers with 0-day exploits

In March 2021 Microsoft detected multiple zero-day exploits being used as part of a widespread campaign by HAFNIUM / Silk Typhoon. This report ...

View Source

Report

Putter Panda Intelligence Report

This intelligence report published by CrowdStrike outlines cyber espionage activity against Western companies which they attribute to Putter ...

View Source

Report

Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT

This report by the Dutch AIVD and MIVD is a cybersecurity advisory covering activity which they attribute to Chinese threat actors. The report ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Defense.

Search:

ATT&CK ID	Title	Associated Tactics
T1014	Rootkit	Defense Evasion
T1068	Exploitation for Privilege Escalation	Privilege Escalation
T1003	OS Credential Dumping	Credential Access
T1071	Application Layer Protocol	Command and Control
T1560	Archive Collected Data	Collection
T1587.001	Malware	Resource Development
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1021	Remote Services	Lateral Movement
T1587.004	Exploits	Resource Development
T1083	File and Directory Discovery	Discovery
T1021.002	SMB/Windows Admin Shares	Lateral Movement
T1591	Gather Victim Org Information	Reconnaissance
T1572	Protocol Tunneling	Command and Control
T1190	Exploit Public-Facing Application	Initial Access
T1567	Exfiltration Over Web Service	Exfiltration
T1027	Obfuscated Files or Information	Defense Evasion
T1090	Proxy	Command and Control
T1592	Gather Victim Host Information	Reconnaissance
T1087	Account Discovery	Discovery
T1059	Command and Scripting Interpreter	Execution
T1596	Search Open Technical Databases	Reconnaissance
T1039	Data from Network Shared Drive	Collection
T1595	Active Scanning	Reconnaissance
T1036	Masquerading	Defense Evasion
T1598.003	Spearphishing Link	Reconnaissance
T1070.006	Timestomp	Defense Evasion
T1595.003	Wordlist Scanning	Reconnaissance
T1020	Automated Exfiltration	Exfiltration
T1566.002	Spearphishing Link	Initial Access
T1057	Process Discovery	Discovery
T1087.002	Domain Account	Discovery
T1036.007	Double File Extension	Defense Evasion
T1583.001	Domains	Resource Development
T1059.006	Python	Execution
T1210	Exploitation of Remote Services	Lateral Movement
T1003.001	LSASS Memory	Credential Access
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access
T1059.001	PowerShell	Execution
T1543.003	Windows Service	Persistence, Privilege Escalation
T1059.003	Windows Command Shell	Execution
T1586.002	Email Accounts	Resource Development
T1584.004	Server	Resource Development
T1112	Modify Registry	Defense Evasion
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005	Link Target	Resource Development
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005	Match Legitimate Name or Location	Defense Evasion
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1003.002	Security Account Manager	Credential Access

Showing 1 to 50 of 109 entries