Cyber Risk in the Ministries of Foreign Affairs Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Ministries of Foreign Affairs.
Malicious Activities Linked to the Nobelium Intrusion Set
This report by ANSSI, the French 'Agence nationale de la sécurité des systèmes d'information', outlines activity against French diplomatic ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
This blog post from Cisco Talos discusses ArcaneDoor, an espionage-focused campaign targeting perimeter network devices, which are crucial for ...
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
This blog post from Proofpoint's Threat Research Team details the TA427 group, which they link to Kimsuky and attribute to North Korea. TA427 conduct ...
Review of the Summer 2023 Microsoft Exchange Online Intrusion
This report by the US Cyber Safety Review Board presents the findings of an investigation into the compromise of Microsoft Exchange Online mailboxes ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Ministries of Foreign Affairs.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1036 | Masquerading | Defense Evasion |
T1598.003 | Spearphishing Link | Reconnaissance |
T1070.006 | Timestomp | Defense Evasion |
T1055 | Process Injection | Defense Evasion, Privilege Escalation |
T1562 | Impair Defenses | Defense Evasion |
T1102 | Web Service | Command and Control |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1653 | Power Settings | Persistence |
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
T1040 | Network Sniffing | Credential Access, Discovery |
T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation |
T1059 | Command and Scripting Interpreter | Execution |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1070 | Indicator Removal | Defense Evasion |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1071 | Application Layer Protocol | Command and Control |