Comparing Chinese APTs in Software Supply Chain Attacks

This is to accompany my talk at Defcon 29 Adversary Village (ZOMG really thrilled to say that). It’s a work in progress. Chinese APTs are wonderfully, frustratingly complex entities. There’s a lot of overlap, sharing of tools, techniques, malware. Of note was certificate abuse across the board. And several companies with striking resemblance to SolarWInds offering trusted high level network management to major organizations and government globally. It’s happened before, it will happen again.

So take this as a starting point. Rather than reinvent the wheel, check the links in the file for download to Thaicert’s excellent site on Threat actors, and of course the relevant pages from MITRE. I’ll revise and refresh this as I dig deeper. These attacks are only going up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s