Cyber Risk in the Ministries of Foreign Affairs Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Ministries of Foreign Affairs.
Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
This report by Recorded Future's Insikt Group details activity by RedJuliett between November 2023 and April 2024. RedJuliett, also known by ...
From South America to Southeast Asia: The Fragile Web of REF7707
REF7707 is an advanced and persistent threat actor tracked by Elastic Security Labs. The group has been observed actively targeting the foreign ...
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
This blog post by Microsoft Threat Intelligence describes the Seashell Blizzard intrusion set and specifically the BadPilot campaign. According to ...
Malicious Activities Linked to the Nobelium Intrusion Set
This report by ANSSI, the French 'Agence nationale de la sécurité des systèmes d'information', outlines activity against French diplomatic ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
This blog post from Cisco Talos discusses ArcaneDoor, an espionage-focused campaign targeting perimeter network devices, which are crucial for ...
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
This blog post from Proofpoint's Threat Research Team details the TA427 group, which it links to Kimsuky and attributes to North Korea. TA427 conduct ...
Review of the Summer 2023 Microsoft Exchange Online Intrusion
This report by the US Cyber Safety Review Board presents the findings of an investigation into the compromise of Microsoft Exchange Online mailboxes ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Ministries of Foreign Affairs.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1505.003 | Web Shell | Persistence |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1584 | Compromise Infrastructure | Resource Development |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1583.003 | Virtual Private Server | Resource Development |
| T1595.002 | Vulnerability Scanning | Reconnaissance |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1036 | Masquerading | Defense Evasion |
| T1598.003 | Spearphishing Link | Reconnaissance |
| T1070.006 | Timestomp | Defense Evasion |
| T1055 | Process Injection | Defense Evasion, Privilege Escalation |
| T1562 | Impair Defenses | Defense Evasion |
| T1102 | Web Service | Command and Control |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1653 | Power Settings | Persistence |
| T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation |
| T1059 | Command and Scripting Interpreter | Execution |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1070 | Indicator Removal | Defense Evasion |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1071 | Application Layer Protocol | Command and Control |