Cyber Risk in the Legal Services Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Legal Services.
Silk Typhoon targeting IT supply chain
Silk Typhoon is a sophisticated Chinese state-sponsored espionage group tracked by Microsoft Threat Intelligence. The group has been identified as ...
APT45: North Korea’s Digital Military Machine
This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
REDCURL - The pentest you didn't know about
This report by researchers at Group-IB outlines activity by a group they call RedCurl. The report identifies victimology and motivation (corporate ...
HAFNIUM targeting Exchange Servers with 0-day exploits
In March 2021 Microsoft detected multiple zero-day exploits being used as part of a widespread campaign by HAFNIUM / Silk Typhoon. This report ...
APT1: Exposing One of China's Cyber Espionage Units
The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Legal Services.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1036 | Masquerading | Defense Evasion |
T1598.003 | Spearphishing Link | Reconnaissance |
T1070.006 | Timestomp | Defense Evasion |
T1059.001 | PowerShell | Execution |
T1003.001 | LSASS Memory | Credential Access |
T1087.003 | Email Account | Discovery |
T1005 | Data from Local System | Collection |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1218.011 | Rundll32 | Defense Evasion |
T1114.001 | Local Email Collection | Collection |
T1059.003 | Windows Command Shell | Execution |
T1070.004 | File Deletion | Defense Evasion |
T1566.002 | Spearphishing Link | Initial Access |
T1555.003 | Credentials from Web Browsers | Credential Access |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1071.001 | Web Protocols | Command and Control |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1082 | System Information Discovery | Discovery |
T1564.001 | Hidden Files and Directories | Defense Evasion |
T1020 | Automated Exfiltration | Exfiltration |
T1056.002 | GUI Input Capture | Collection, Credential Access |
T1119 | Automated Collection | Collection |
T1087.001 | Local Account | Discovery |
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
T1039 | Data from Network Shared Drive | Collection |
T1102 | Web Service | Command and Control |
T1087.002 | Domain Account | Discovery |
T1080 | Taint Shared Content | Lateral Movement |
T1552.002 | Credentials in Registry | Credential Access |
T1204.002 | Malicious File | Execution |
T1083 | File and Directory Discovery | Discovery |
T1552.001 | Credentials In Files | Credential Access |
T1027 | Obfuscated Files or Information | Defense Evasion |
T1059.005 | Visual Basic | Execution |