Microsoft has identified Storm-2077, a Chinese state-sponsored threat actor that has targeted U.S. government agencies and critical sectors worldwide since at least January 2024. Its activity overlaps with the cluster that Recorded Future’s Insikt Group tracks as TAG-100.
Key Points:
– Primary targets include:
* Government agencies
* Defense Industrial Base
* Aviation sector
* Telecommunications
* Financial services
* Legal services
Attack Methodology:
1. Exploits internet-facing edge devices for initial access
2. Deploys malware including Cobalt Strike, Pantegana, and Spark RAT
3. Sends phishing emails to harvest valid credentials for eDiscovery applications
4. Uses the stolen credentials to sign in to victims’ cloud environments and access the sensitive data stored there
Parallel Development:
Google’s Threat Intelligence Group has uncovered GLASSBRIDGE, a pro-China influence operation that:
– Operates inauthentic news sites and wire services
– Uses digital PR firms to spread pro-Beijing content
– Places its content on subdomains of legitimate news outlets
– Targets regional audiences with tailored content
Key Companies Involved in GLASSBRIDGE:
– Shanghai Haixun Technology
– Times Newswire/Shenzhen Haimai Yunxiang Media
– Shenzhen Bowen Media
– DURINBRIDGE
Taken together, these findings show China’s evolving cyber espionage and information manipulation tactics: intrusions against edge devices and cloud environments on one side, and large-scale influence operations run through inauthentic media on the other.