Cyber Risk in the Ministries of Foreign Affairs Sector

Understand more about cyber risk in this sector.

Threat Reports

Publicly available threat reporting on cyber attacks against Ministries of Foreign Affairs.

Report

Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation

This report by Recorded Future's Insikt Group details activity by RedJuliett between November 2023 and April 2024. RedJuliett, also known by ...

Report

From South America to Southeast Asia: The Fragile Web of REF7707

REF7707 is an advanced and persistent threat actor tracked by Elastic Security Labs. The group has been observed actively targeting the foreign ...

Report

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

This blog post by Microsoft Threat Intelligence describes the Seashell Blizzard intrusion set and specifically the BadPilot campaign. According to ...

Report

Malicious Activities Linked to the Nobelium Intrusion Set

This report by ANSSI, the French 'Agence nationale de la sécurité des systèmes d'information', outlines activity against French diplomatic ...

Report

ANALYSIS OF THE APT31 INDICTMENT

Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...

Report

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

This blog post from Cisco Talos discusses ArcaneDoor, an espionage-focused campaign targeting perimeter network devices, which are crucial for ...

Report

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

This blog post from Proofpoint's Threat Research Team details the TA427 group, which they link to Kimsuky and attribute to North Korea. TA427 conduct ...

Report

Review of the Summer 2023 Microsoft Exchange Online Intrusion

This report by the US Cyber Safety Review Board presents the findings of an investigation into the compromise of Microsoft Exchange Online mailboxes ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Ministries of Foreign Affairs.

ATT&CK ID | Title | Associated Tactics
T1505.003 | Web Shell | Persistence
T1190 | Exploit Public-Facing Application | Initial Access
T1584 | Compromise Infrastructure | Resource Development
T1068 | Exploitation for Privilege Escalation | Privilege Escalation
T1583.003 | Virtual Private Server | Resource Development
T1595.002 | Vulnerability Scanning | Reconnaissance
T1133 | External Remote Services | Initial Access, Persistence
T1036 | Masquerading | Defense Evasion
T1598.003 | Spearphishing Link | Reconnaissance
T1070.006 | Timestomp | Defense Evasion
T1055 | Process Injection | Defense Evasion, Privilege Escalation
T1562 | Impair Defenses | Defense Evasion
T1102 | Web Service | Command and Control
T1557 | Adversary-in-the-Middle | Collection, Credential Access
T1653 | Power Settings | Persistence
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion
T1040 | Network Sniffing | Credential Access, Discovery
T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation
T1059 | Command and Scripting Interpreter | Execution
T1041 | Exfiltration Over C2 Channel | Exfiltration
T1070 | Indicator Removal | Defense Evasion
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence
T1071 | Application Layer Protocol | Command and Control