Threat actors have found a new way to dodge security professionals, using popular websites’ legitimate functionalities to hide their hacking operations. FireEye Threat Intelligence and Microsoft Threat Intelligence Center discovered a China-based threat group dubbed APT17 using Microsoft’s TechNet blog for its Command-and-Control (CnC) operation.
Interestingly, APT17 chose not to compromise TechNet itself; instead it created profiles and forum posts that carried its encoded CnC address. Doing so made it more difficult for network security professionals to determine the CnC’s true location, which allowed APT17 to conduct its activities for longer than it might have otherwise.
This report details how we discovered the operation, what was done to shut it down, and how other threat groups have already adopted a “hide in plain sight” approach to hacking.
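The pattern described above, where malware fetches a legitimate public page and decodes its real CnC location from content the attacker planted there, leaves a trace that defenders can look for in proxy logs: a host retrieves a profile or forum page and then, shortly afterwards, opens a connection to an external endpoint it has no other reason to contact. The script below is an added example, not code from the report or from FireEye; the log format, the five-minute window, the URL path patterns treated as "profile pages" and the IP-literal heuristic are all assumptions, and every log line is constructed for the example.

```python
"""
Heuristic detector for the "dead-drop resolver" pattern: a client fetches a
public profile/forum page on a legitimate site and then, within a short
window, connects to an external host given as a bare IP literal.

Assumptions (not from the report): proxy log lines look like
"<ISO timestamp> <client> <method> <url>", profile pages are recognised by
path patterns, and a bare-IP destination is the "suspicious follow-up".
"""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2015-05-14T09:00:01 host-a GET https://social.technet.microsoft.com/profile/someuser/
2015-05-14T09:00:03 host-a GET http://198.51.100.23/update
2015-05-14T09:00:05 host-b GET https://www.example.org/news
2015-05-14T09:10:00 host-b GET https://social.technet.microsoft.com/Forums/en-US/thread/
2015-05-14T10:30:00 host-b GET http://203.0.113.7/
2015-05-14T11:00:00 host-c GET http://198.51.100.23/update
"""

# Assumed path patterns that mark a "public profile or forum page" fetch.
PROFILE_URL_PATTERNS = [
    re.compile(r"/profile/", re.IGNORECASE),
    re.compile(r"/forums?/", re.IGNORECASE),
]
WINDOW = timedelta(minutes=5)  # assumed correlation window


def parse_line(line):
    """Split one constructed log line into (timestamp, client, method, url)."""
    ts, client, method, url = line.split()
    return datetime.fromisoformat(ts), client, method, url


def is_profile_page(url):
    """True if the URL path matches one of the assumed profile/forum patterns."""
    path = urlparse(url).path
    return any(p.search(path) for p in PROFILE_URL_PATTERNS)


def is_ip_literal(url):
    """True if the URL's host is a bare IPv4/IPv6 address rather than a name."""
    hostname = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False


def find_dead_drop_candidates(log_text, window=WINDOW):
    """Return alerts for clients that hit an IP literal shortly after a profile page.

    Each alert records the client, the profile URL that preceded the
    connection, the candidate CnC host and the delay in seconds.
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    records.sort(key=lambda r: r[0])  # process in time order

    last_profile_fetch = {}  # client -> (timestamp, profile url)
    alerts = []
    for ts, client, _method, url in records:
        if is_profile_page(url):
            last_profile_fetch[client] = (ts, url)
            continue
        if is_ip_literal(url) and client in last_profile_fetch:
            prev_ts, prev_url = last_profile_fetch[client]
            if ts - prev_ts <= window:
                alerts.append({
                    "client": client,
                    "profile_url": prev_url,
                    "c2_candidate": urlparse(url).hostname,
                    "delta_s": (ts - prev_ts).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_dead_drop_candidates(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, only host-a is flagged: it fetches a profile page and two seconds later contacts a bare IP. host-b's IP connection comes 80 minutes after its forum visit and falls outside the window, and host-c never fetched a profile page at all. The IP-literal check is deliberately a weak, cheap signal; in production it would be replaced or supplemented with "destination never seen before from this network" and with content inspection of the fetched page, since a resolver can just as well hand back a domain name.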
Download the report to find out: