This week, FireEye released their latest APT report – APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation. The subtitle summarizes the findings: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade.
What are the surprises in APT30? There are no surprises in APT30. The bad guys engage in anti-forensics to avoid detection. APT30 tells us that the bad guys use spearphishing to make their initial infiltration:
APT30 LEVERAGES MAJOR POLITICAL TRANSITION AS PHISHING LURE CONTENT IN CAMPAIGN GEARED TO KEY POLITICAL STAKEHOLDERS
This is a sample of the lures used to trick users into compromising their systems:
[Image: sample phishing lure. Source: FireEye APT30]
APT30 demonstrates the application of Military Deception in email. Learn more about email and the doctrine of Military Deception by reading our whitepaper Spearphishing Defense Using Deception Countermeasures.