Cyber Risk in the Technology Sector
Understand more about cyber risk in this sector.
Threat Reports
Publicly available threat reporting on cyber attacks against Technology.
APT41 Has Arisen From the DUST
This report from Mandiant outlines APT41 activity observed since 2023 including successful compromises of logistic, media, technology and ...
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
APT45: North Korea’s Digital Military Machine
This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...
Flax Typhoon using legitimate software to quietly access Taiwanese organizations
This blog post by Microsoft Threat Intelligence outlines the Flax Typhoon intrusion set and TTPs demonstrated by the group. It describes the actor ...
ANALYSIS OF THE APT31 INDICTMENT
Blog post providing analysis of a March 2024 US Department of Justice indictment of 7 hackers associated with APT31. The post details attribution ...
GOLD IONIC DEPLOYS INC RANSOMWARE
This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
This blog post from researchers at Trend Micro discusses the cyberespionage group Earth Hundun and its malware, Waterbear and Deuterbear, which ...
APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation
This 2022 report by researchers at FireEye threat intelligence outlines the intrusion set they designate as APT41. They describe the group as 'a ...
Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide
This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...
Alert: CVE-2024-3094, a serious backdoor in XZ Utils, permits RCE
This alert from Vulcan's Voyager18 team outlines a potential supply chain attack against the XZ Utils package for multiple Linux distributions. ...
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...
Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns
This Security Intelligence blog post by researchers at IBM's X-Force describes activity by ITG05 - a group which shows overlap with APT28/Forest ...
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
This Cybersecurity Advisory from CISA and partners details activities of the People's Republic of China (PRC)-linked cyber actors known as ...
GhostSec’s joint ransomware operation and evolution of their arsenal
This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...
StopRansomware: Rhysida Ransomware
This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...
APT37 (REAPER) - The Overlooked North Korean Actor
This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...
Midnight Blizzard: Guidance for responders on nation-state attack
Following a compromise of Microsoft corporate systems by Midnight Blizzard which was detected on 12th January 2024, this blog post outlines ...
APT1: Exposing One of China's Cyber Espionage Units
The APT1 report represents years of work by Mandiant, who analysed data across hundreds of breaches globally. The report identifies APT1 as a ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use against Technology.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1560.001 | Archive via Utility | Collection |
T1543.003 | Windows Service | Persistence, Privilege Escalation |
T1594 | Search Victim-Owned Websites | Reconnaissance |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
T1569.002 | Service Execution | Execution |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1505.003 | Web Shell | Persistence |
T1071.001 | Web Protocols | Command and Control |
T1070.004 | File Deletion | Defense Evasion |
T1014 | Rootkit | Defense Evasion |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1003 | OS Credential Dumping | Credential Access |
T1071 | Application Layer Protocol | Command and Control |
T1036 | Masquerading | Defense Evasion |
T1546 | Event Triggered Execution | Persistence, Privilege Escalation |
T1059 | Command and Scripting Interpreter | Execution |
T1550 | Use Alternate Authentication Material | Defense Evasion, Lateral Movement |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1572 | Protocol Tunneling | Command and Control |
T1505 | Server Software Component | Persistence |
T1190 | Exploit Public-Facing Application | Initial Access |
T1105 | Ingress Tool Transfer | Command and Control |
T1598.003 | Spearphishing Link | Reconnaissance |
T1070.006 | Timestomp | Defense Evasion |
T1005 | Data from Local System | Collection |
T1016.001 | Internet Connection Discovery | Discovery |
T1057 | Process Discovery | Discovery |
T1480 | Execution Guardrails | Defense Evasion |
T1622 | Debugger Evasion | Defense Evasion, Discovery |
T1547.012 | Print Processors | Persistence, Privilege Escalation |
T1083 | File and Directory Discovery | Discovery |
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
T1132.002 | Non-Standard Encoding | Command and Control |
T1129 | Shared Modules | Execution |
T1049 | System Network Connections Discovery | Discovery |
T1027.001 | Binary Padding | Defense Evasion |
T1573 | Encrypted Channel | Command and Control |
T1082 | System Information Discovery | Discovery |
T1497.003 | Time Based Evasion | Defense Evasion, Discovery |
T1012 | Query Registry | Discovery |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1106 | Native API | Execution |
T1595.003 | Wordlist Scanning | Reconnaissance |
T1020 | Automated Exfiltration | Exfiltration |
T1566.002 | Spearphishing Link | Initial Access |
T1087.002 | Domain Account | Discovery |
T1036.007 | Double File Extension | Defense Evasion |
T1583.001 | Domains | Resource Development |
T1059.006 | Python | Execution |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1003.001 | LSASS Memory | Credential Access |
T1110.003 | Password Spraying | Credential Access |
T1059.001 | PowerShell | Execution |
T1059.003 | Windows Command Shell | Execution |
T1586.002 | Email Accounts | Resource Development |
T1584.004 | Server | Resource Development |
T1112 | Modify Registry | Defense Evasion |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1608.005 | Link Target | Resource Development |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1003.002 | Security Account Manager | Credential Access |
T1588.001 | Malware | Resource Development |
T1033 | System Owner/User Discovery | Discovery |
T1595.002 | Vulnerability Scanning | Reconnaissance |
T1588.003 | Code Signing Certificates | Resource Development |
T1592 | Gather Victim Host Information | Reconnaissance |
T1087.001 | Local Account | Discovery |
T1021.006 | Windows Remote Management | Lateral Movement |
T1047 | Windows Management Instrumentation | Execution |
T1539 | Steal Web Session Cookie | Credential Access |
T1133 | External Remote Services | Initial Access, Persistence |
T1608.001 | Upload Malware | Resource Development |
T1608.002 | Upload Tool | Resource Development |
T1583.003 | Virtual Private Server | Resource Development |
T1595.001 | Scanning IP Blocks | Reconnaissance |
T1203 | Exploitation for Client Execution | Execution |
T1204.002 | Malicious File | Execution |
T1114 | Email Collection | Collection |
T1069.002 | Domain Groups | Discovery |
T1534 | Internal Spearphishing | Lateral Movement |
T1199 | Trusted Relationship | Initial Access |
T1656 | Impersonation | Defense Evasion |
T1007 | System Service Discovery | Discovery |
T1590 | Gather Victim Network Information | Reconnaissance |
T1566.001 | Spearphishing Attachment | Initial Access |
T1119 | Automated Collection | Collection |
T1601.001 | Patch System Image | Defense Evasion |
T1021.004 | SSH | Lateral Movement |
T1071.002 | File Transfer Protocols | Command and Control |
T1542.004 | ROMMONkit | Defense Evasion, Persistence |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1090 | Proxy | Command and Control |
T1562 | Impair Defenses | Defense Evasion |
T1562.003 | Impair Command History Logging | Defense Evasion |
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
T1486 | Data Encrypted for Impact | Impact |
T1204 | User Execution | Execution |
T1560 | Archive Collected Data | Collection |
T1010 | Application Window Discovery | Discovery |
T1090.001 | Internal Proxy | Command and Control |
T1564.001 | Hidden Files and Directories | Defense Evasion |
T1027 | Obfuscated Files or Information | Defense Evasion |
T1202 | Indirect Command Execution | Defense Evasion |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1021 | Remote Services | Lateral Movement |
T1074 | Data Staged | Collection |
T1561 | Disk Wipe | Impact |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1485 | Data Destruction | Impact |
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
T1095 | Non-Application Layer Protocol | Command and Control |
T1564.003 | Hidden Window | Defense Evasion |
T1219 | Remote Access Software | Command and Control |
T1587 | Develop Capabilities | Resource Development |
T1657 | Financial Theft | Impact |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1069.001 | Local Groups | Discovery |
T1016 | System Network Configuration Discovery | Discovery |
T1566 | Phishing | Initial Access |
T1482 | Domain Trust Discovery | Discovery |
T1003.003 | NTDS | Credential Access |
T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation |
T1018 | Remote System Discovery | Discovery |
T1114.002 | Remote Email Collection | Collection |