Recent findings reveal that a burgeoning Chinese state threat actor, identified as Storm-2077, has been targeting U.S. government entities and non-governmental organizations since at least January 2024. Reports from Microsoft detail that this group has launched cyber attacks against various sectors including the Defense Industrial Base, aviation, telecommunications, as well as financial and legal services worldwide.
Storm-2077’s activities align with another threat group tracked by Recorded Future’s Insikt Group, designated as TAG-100. The cyber adversary has been employing sophisticated attack strategies that exploit vulnerabilities in internet-facing edge devices. Initial access is often gained through publicly available exploits, allowing the installation of Cobalt Strike alongside open-source malware variants like Pantegana and Spark RAT.
Microsoft highlighted that the attribution of Chinese cyber operations has become increasingly complex due to evolving tactics following past government indictments and public disclosures about these threat actors. Storm-2077’s operations include intelligence-gathering missions that utilize phishing emails to collect valid credentials, particularly for eDiscovery applications, which may facilitate the exfiltration of sensitive emails.
Moreover, the group has been effective in accessing cloud environments by harvesting credentials from compromised endpoints and, upon obtaining admin access, has been known to create applications with mail read rights to broaden their operational reach.
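A defender-side check for the pattern described above (an application that receives mail read rights, especially one created shortly beforehand), as an added example that is not from Microsoft's report or the original article. The event schema, field names and sample records are constructed for illustration, and the permission names are an assumption about how mail read rights are labelled in the tenant's audit data.

```python
from datetime import datetime, timedelta

# Assumption: permission names that count as "mail read rights" in the audit data.
MAIL_READ_PERMS = {"Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic.All", "full_access_as_app"}
WINDOW = timedelta(hours=24)

# Constructed sample audit events in a simplified, hypothetical schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:00:00", "actor": "it-admin@example.com", "op": "app_created", "app": "backup-sync"},
    {"time": "2024-03-01T09:05:00", "actor": "it-admin@example.com", "op": "permission_granted",
     "app": "backup-sync", "permission": "Files.Read.All"},
    {"time": "2024-03-02T02:10:00", "actor": "helpdesk-adm@example.com", "op": "app_created", "app": "mail-archiver"},
    {"time": "2024-03-02T02:12:00", "actor": "helpdesk-adm@example.com", "op": "permission_granted",
     "app": "mail-archiver", "permission": "Mail.Read"},
    {"time": "2024-03-02T02:13:00", "actor": "helpdesk-adm@example.com", "op": "credential_added", "app": "mail-archiver"},
    {"time": "2024-03-05T11:00:00", "actor": "it-admin@example.com", "op": "permission_granted",
     "app": "legacy-crm", "permission": "Mail.ReadWrite"},
]

def find_mail_read_grants(events, window=WINDOW):
    """Return one finding per mail-read grant; 'high' when the app is new or gained a credential nearby."""
    parsed = sorted(({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
                    key=lambda e: e["time"])
    created = {e["app"]: e["time"] for e in parsed if e["op"] == "app_created"}
    cred_times = {}
    for e in parsed:
        if e["op"] == "credential_added":
            cred_times.setdefault(e["app"], []).append(e["time"])
    findings = []
    for e in parsed:
        if e["op"] != "permission_granted" or e.get("permission") not in MAIL_READ_PERMS:
            continue
        reasons = []
        born = created.get(e["app"])
        if born is not None and timedelta(0) <= e["time"] - born <= window:
            reasons.append("app created shortly before grant")
        if any(abs(t - e["time"]) <= window for t in cred_times.get(e["app"], [])):
            reasons.append("credential added near grant")
        # A pre-existing app gaining mail access still warrants review, at lower priority.
        findings.append({"app": e["app"], "actor": e["actor"], "permission": e["permission"],
                         "severity": "high" if reasons else "medium", "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_mail_read_grants(SAMPLE_EVENTS):
        print(finding)
```

Findings are most useful when compared against a list of applications that are approved to hold mail permissions, so that expected grants can be closed quickly.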
In a separate but related issue, Google’s Threat Intelligence Group has unveiled an influence operation named GLASSBRIDGE. This operation amplifies pro-China narratives through a network of fake news sites and newswire services. Google has taken preventive measures, blocking over a thousand GLASSBRIDGE sites since 2022.
These fake news sites, posing as independent outlets, are linked to a small number of digital public relations firms that republish content from China’s state media and other commissioned materials. Noteworthy firms involved include Shanghai Haixun Technology and Shenzhen Bowen Media, both engaged in disinformation efforts to promote narratives beneficial to the Chinese government.
This highlights an ongoing trend where misinformation tactics extend beyond social media, utilizing seemingly legitimate news channels to profoundly influence public perception across various regions.