This article is the second of a series on Zero Trust.

Operation Aurora is one of the largest and most successful cyberattack campaigns against global technology and defense companies. The attack impacted at least 20 companies in addition to Google.[1] This is the first and last time that Google has disclosed being successfully and extensively compromised by an outside attacker. Google described the attack as "a highly sophisticated and targeted attack on corporate infrastructure originating from China that resulted in the theft of intellectual property from Google."[1] The threat actor, Elderwood, had been active since (at least) 2008, suggesting that Google and others may have been compromised for one to two years before detecting the attack and disclosing the breach.

Rolling back the clock to the 2008–2013 time period, there was a general belief that while defense-in-depth was a good idea, perimeter security was enough to keep the crown jewels safe. Highly effective nation-state attacks, especially those against Google (one of the best-resourced corporate security teams in the world), changed that attitude. In this post we will dive into the origins of BeyondCorp and Zero Trust through the lens of Operation Aurora (aka "the Google hack"). The activities and unmatched success of the Elderwood and APT1 (Chinese) nation-state threat actors shaped the next generation of security technologies and strategies. Reviewing Zero Trust and BeyondCorp from the perspective of the attackers of that time enables us to use threat activity as a guide to understand Google's motivations for BeyondCorp and Forrester's motivations for Zero Trust. A deeper understanding of the threat landscape helps build an understanding of the strategies that are advocated, as well as of the tactical options defenders have to help mitigate attacks like these in the future.

Public information through a variety of threat and intelligence reports from different vendors (Mandiant, FireEye, Symantec, McAfee), together with tool references and names, enables us to get a fairly clear picture of Elderwood's resourcing.

Digging into the attacks a bit deeper, the information security community has a high degree of certainty that Operation Aurora originated from China and was sponsored by the Chinese government. The level of tradecraft demonstrated shows that the attackers leveraged multiple teams and skill sets, and consisted of at least 50 trained personnel.[4] Initial access was achieved through a variety of techniques, from mundane SQL injection attacks[5] to zero-day exploits delivered through email spear phishing and extensive watering hole campaigns.[4] Many of the exploits are linked to ZoxPNG tool activity, showing that the group and this generation of tools were active since 2008.[6]

With highly advanced technology and processes, a large number of people and the financial backing of a nation-state, defense against Elderwood (and its ilk) is neither trivial nor easy. Google's updated security architecture, BeyondCorp, and concepts like Zero Trust provide us a reference model and strategic framework for defense against advanced threats. It's important to note that many companies cannot invest the time, effort and resources that Google did after their breach, so in the next article in this blog series we'll focus on a deep dive into how data-centric security can be effective at defending against advanced threat activity.

References:

1. "A New Approach to China." Official Google Blog, January 12, 2010.
2. "ZoxPNG Analysis." Novetta Corporation, 2014.
3. "APT1: Exposing One of China's Cyber Espionage Units." Mandiant, 2013.
4. Stephen Doherty, Jozsef Gegeny, Branko Spasojevic, Jonell Baltazar. "Hidden Lynx – Professional Hackers for Hire." Symantec Corporation, 2013.
5. "Security Firm Bit9 Hacked, Used to Spread Malware." Krebs on Security, February 8, 2013.
6. "Operation SMN: Axiom Threat Actor Group Report 公理队." Novetta Corporation, 2014.