
Cyber Threat Actors Using Open Source Tools

It is well known that state actors (such as intelligence agencies) and groups sponsored by hostile states commonly use cyber attacks to further their objectives. For years, cyber security firms and law enforcement have tracked threats created and deployed by actors intent on attacking the West. Now a new twist appears to be becoming more common in certain threats associated with China: open source, widely available tools are being used to disguise intrusions or cover the tracks of the threat actors behind them. Because such tools are in wide use, potentially high-stakes intrusions blend in with ordinary cybercrime. In short, sophisticated actors are using down-market tools that disguise the true nature of the threat.

WHY IT MATTERS

Cyber attacks are a perennial business problem as well as a national security issue. Threat actors can compromise business proprietary information, personal information that is protected by law, and customer confidential information whose exposure triggers contractual obligations. Suffering an attack is disruptive at a minimum, and often very costly as well. One key issue is that threat actors are often able to penetrate a system and remain there for months before taking action or being detected. That dwell time lets them steal data for sale, look for information that could support a phishing campaign (e.g., accounts payable communications with customers), seek credentials or other data that could gain them access to a customer's systems, and more. If bad actors can now use cheap, easily found tools to disguise their efforts, both detection and remediation may become more difficult.

The attached article is long on technical details about certain methods and tools being used to gain access to systems. Of particular note: not all types of entities are being targeted, but technology companies are. The article also states that the investigations to date suggest typosquatting domains (look-alike domain names that differ from a legitimate one by a character or two) and phishing campaigns are being used to gain access to target systems.

In addition to beefing up cyber defenses, vulnerable businesses might choose to deliver training and reminders to employees about phishing, deploy anti-phishing security measures, and take action to prevent the use of domain names that could be used in typosquatting efforts, for example by registering likely look-alike names defensively and monitoring for their registration or appearance in inbound mail.
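The paragraphs above mention typosquatting domains as an access vector and recommend acting against them. As an added example (not code from the linked article or from the firm), the following Python script enumerates the look-alike domains an attacker is likely to register for a given domain and flags sender domains that resemble it. The target domain example.com, the sender addresses, and the partial QWERTY and homoglyph tables are constructed assumptions for illustration.

```python
"""Typosquat candidate generation and look-alike sender checks.

Added example, not code from the linked article or the firm. The domain
example.com and the sender addresses below are constructed for illustration.
"""

# Constructed target domain to protect (assumption: the business owns it).
TARGET_DOMAIN = "example.com"

# Partial US-QWERTY neighbour map for fat-finger substitutions (assumption;
# extend for other layouts).
ADJACENT_KEYS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wrsd",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}

# Character sequences that look alike in many fonts, e.g. "rn" for "m".
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"], "a": ["4"],
    "s": ["5"], "m": ["rn"], "rn": ["m"], "w": ["vv"], "vv": ["w"],
}

# TLDs that attackers commonly swap in for the real one.
COMMON_TLDS = ["com", "net", "org", "co", "io", "biz"]


def split_domain(domain):
    """Return (label, tld) for a two-level domain such as example.com."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def typosquat_candidates(domain):
    """Return look-alike domains an attacker might register for `domain`."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):                      # omission: exmple
        labels.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                  # transposition: exmaple
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                      # repetition: exaample
        labels.add(label[:i] + label[i] + label[i:])
    for i, ch in enumerate(label):                   # adjacent key: exanple
        for alt in ADJACENT_KEYS.get(ch, ""):
            labels.add(label[:i] + alt + label[i + 1:])
    for src, alts in HOMOGLYPHS.items():             # homoglyph: examp1e
        pos = label.find(src)
        while pos != -1:
            for alt in alts:
                labels.add(label[:pos] + alt + label[pos + len(src):])
            pos = label.find(src, pos + 1)
    for i in range(1, len(label)):                   # hyphenation: exam-ple
        labels.add(label[:i] + "-" + label[i:])
    candidates = {f"{lbl}.{tld}" for lbl in labels if lbl and lbl != label}
    for alt_tld in COMMON_TLDS:                      # TLD swap: example.net
        if alt_tld != tld:
            candidates.add(f"{label}.{alt_tld}")
    return candidates


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(sender_domain, target=TARGET_DOMAIN, max_distance=1):
    """True if `sender_domain` resembles `target` but is not `target` itself."""
    sender = sender_domain.lower()
    if sender == target:
        return False
    if sender in typosquat_candidates(target):
        return True
    s_label, _ = split_domain(sender)
    t_label, _ = split_domain(target)
    return levenshtein(s_label, t_label) <= max_distance


def flag_senders(senders, target=TARGET_DOMAIN):
    """Return the sender domains from `senders` that look like `target`."""
    return [s for s in senders if is_lookalike(s, target)]


if __name__ == "__main__":
    # Constructed sender domains as they might appear in inbound mail headers.
    seen = ["example.com", "exampel.com", "examp1e.com", "exarnple.com",
            "example.net", "partner-corp.com"]
    print(len(typosquat_candidates(TARGET_DOMAIN)), "candidate look-alikes")
    print("look-alike senders:", flag_senders(seen))
```

The candidate list is what a business would feed to a registrar for defensive registration or to a domain-monitoring service; the `flag_senders` check is a cheap mail-gateway or SIEM rule for catching phishing from look-alike domains. The script assumes two-level domains (it does not split country-code suffixes such as co.uk correctly) and deliberately leaves brand names combined with extra words (for example partner-corp.com) unflagged, since those need a different, keyword-based check.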

The observed behavior aligns with a broader trend researchers are seeing: more advanced and state-sponsored threat actors forgoing bespoke tooling in favor of the open source or cheaper tools used by "script kiddies," that is, less technically skilled cybercriminals.

Tags

data security and privacy, hill_mitzi, cybersecurity, privacy and security law, privacy, insights