Stone Panda

About

Stone Panda, also known as APT10, Red Apollo, MenuPass or POTASSIUM, is a China-backed cyberespionage group active since 2006. It generally targets aerospace, engineering, and telecom firms in countries that rival China.

Allegedly, in March 2021, this advanced persistent threat also targeted the world's largest vaccine makers, Bharat Biotech and the Serum Institute of India (SII), by identifying gaps and vulnerabilities in their IT infrastructure and supply-chain software. The motive behind this is to exfiltrate intellectual property and gain a competitive advantage over Indian pharmaceutical companies.

Tactics

This group uses remote access trojans (RATs) and directly targets managed information technology service providers (MSPs). An MSP generally helps manage a company's computer network, and it can be compromised through spear-phishing emails that deliver malware such as Poison Ivy, FakeMicrosoft, PlugX, ArtlEF, Graftor, and ChChes.

Prevention

General methods to combat a ransomware attack are as follows:
  • Mandatory strong password policies and multi-factor authentication for all critical services.
  • Use updated or modern Identity and Access Management (IAM) tools.
  • Employ advanced endpoint security products on all endpoints.
  • Regularly update all software and operating systems.
  • Adopt a least-privilege approach to security, including the removal of all unnecessary access to administrative shares and other services.
  • Maintain a solid backup strategy, including offline, encrypted, and immutable backups of data.

Takeaway!

Stone Panda poses a great threat to government organizations in many countries. However, it is not impossible to stop or mitigate its attacks. Making use of advanced anti-threat technologies can help in identifying and hunting its malware or spyware. Regular training of employees about the various threat actors, together with regular network checkups, can be of great help in fighting it.
