ATK234

Presumed Origin: China

Alias: SPIRAL

ATK234 is a Chinese state-sponsored hacker group. Their latest attack, SUPERNOVA, was discovered at the same time as the Russian SUNBURST attack on the SOLARWINDS ORION platform. Although this attack is less sophisticated than the Russian one and went under the radar, it is nonetheless important. The Chinese group's techniques had already been seen in use against ZOHO MAIL.


REFERENCES

Target sector

  • Government and administration agencies
  • Information Technology

Target countries

  • United States Of America

Attack pattern

  • T1021 - Remote Services
  • T1027 - Obfuscated Files or Information
  • T1036 - Masquerading
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1071 - Application Layer Protocol
  • T1078 - Valid Accounts
  • T1195 - Supply Chain Compromise
  • T1543.003 - Windows Service
  • T1553 - Subvert Trust Controls
  • T1568.002 - Domain Generation Algorithms

Motivation

Malware

  • SUPERNOVA

Vulnerabilities