First official Procedures library update, Chinese State-Sponsored Global Network Compromises
Procedures
- Tidal Cyber released our first official Procedures library update. We published nearly 400 additional Sightings derived from dozens of new threat reports dated as recently as late last week. This is just the first of many regular updates, as we have finalized new infrastructure & processes for this.
Threat Profiles & Threat Objects
“Trending & Emerging Threats” weekly update: Chinese State-Sponsored Global Network Compromises
- The latest U.S./international cybersecurity advisory detailed a years-long, global campaign attributed to Chinese state-sponsored actors, who targeted network devices to compromise a large number and variety of entities for espionage purposes.
- The unusually large number of global agencies contributing to the advisory (23) underscores its significance. Authorities indicated that the activity covered in this alert overlaps with activity reported by security vendors as Salt Typhoon, a Group that we originally published, merged with MITRE’s version, and have continued to heavily “extend”.
- New Campaign object added covering Microsoft’s latest public threat intelligence report. The Storm-0501 ransomware actor, notable for its ability to pivot from on-premises to cloud environments, has continued to evolve its TTPs, especially around cloud account permissions, in order to successfully attack more victims.