This week, FireEye released their latest APT report – APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation. The sub-title summarizes the findings: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade.

What are the surprises in APT30? There are no surprises in APT30. The bad guys engage in anti-forensics to avoid detection. APT30 tells us that the bad guys use spearphishing to make their initial infiltration:

APT30 LEVERAGES MAJOR POLITICAL TRANSITION AS PHISHING LURE CONTENT IN CAMPAIGN GEARED TO KEY POLITICAL STAKEHOLDERS

This is a sample of the lures used to trick users into compromising their systems:

[Figure: APT30 Phishing Lure. Source: FireEye APT30]

APT30 demonstrates the application of Military Deception in email. Learn more about email and the doctrine of Military Deception by reading our whitepaper Spearphishing Defense Using Deception Countermeasures.