Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia (Jul 24, 2019)
An Advanced Persistent Threat (APT) email campaign has been targeting government agencies in Eastern Asia since early 2019, according to Proofpoint researchers. The campaign, dubbed “Operation LagTime IT,” consists of threat actors distributing malicious Rich Text Format (RTF) documents to government entities associated with various sectors, including domestic affairs, economic development, foreign affairs, information technology, and political process. The RTF documents are distributed in attempts to exploit a Microsoft Equation Editor vulnerability registered as CVE-2018-0798. Analysts attribute this activity to a Chinese APT group dubbed “TA428.”
Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, and fail-safe defense processes) is the best way to ensure safety from APTs, with a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.