Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries (Mar 16, 2018)
Activity of a suspected Chinese cyber espionage group has been reported by FireEye researchers. The group, dubbed "TEMP.Periscope" (also tracked as Leviathan), has been active since at least 2013. FireEye found that the group has been conducting a campaign against U.S. engineering and maritime entities connected to the South China Sea. The group has recently "re-emerged" with a revised toolkit. Its initial infection vector is spear-phishing emails carrying malicious documents that exploit CVE-2017-11882, a memory corruption vulnerability in the Microsoft Office Equation Editor component (EQNEDT32.EXE), to drop the group's malware.
Recommendation: Defense in depth (layering of security mechanisms, redundancy, and fail-safe defensive processes) is the best way to protect against APTs, with a focus on both network-based and host-based security. Prevention and detection capabilities should also be in place. For this campaign specifically, confirm that the Microsoft Office update for CVE-2017-11882 (released November 2017) has been applied across the estate, since the malicious documents depend on the unpatched Equation Editor component; Microsoft subsequently removed Equation Editor from Office altogether in January 2018. Furthermore, all employees should be educated on the risks of spear phishing and how to identify such attempts.
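As an added example for the detection side of the recommendation above (this script is not part of the Anomali bulletin or of FireEye's report, and it is a triage heuristic rather than a full exploit detector), the following Python scans an RTF or OLE2 document for references to the Microsoft Equation 3.0 object that CVE-2017-11882 exploits: the `\objclass Equation.3` control word, the `Equation.3` class name inside the hex-encoded `\objdata` stream (decoded after stripping the whitespace attackers insert to defeat naive greps), and, for compound files, the Equation Editor CLSID `0002CE02-0000-0000-C000-000000000046` or the `Equation Native` stream name. The sample documents at the bottom are constructed for the demonstration and contain no exploit code; the function and constant names are the author's own.

```python
import re
import uuid

# CLSID of Microsoft Equation 3.0 (EQNEDT32.EXE), the out-of-process COM
# server whose font-name stack overflow is CVE-2017-11882.
EQUATION_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046")
EQUATION_CLSID_LE = EQUATION_CLSID.bytes_le               # binary GUID layout used in OLE2 files
EQUATION_PROGID = b"equation.3"                          # OLE1/RTF class name, compared lower-case
EQUATION_STREAM = "Equation Native".encode("utf-16-le")  # directory entry name inside an Equation storage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # OLE2 compound file signature

# Hex run following a \objdata control word; whitespace is allowed between digits.
_OBJDATA_RE = re.compile(rb"\\objdata\b([0-9A-Fa-f\s]*)")
# \objclass Equation.3 in any letter case, with or without the space.
_OBJCLASS_RE = re.compile(rb"\\objclass\s*equation\.3", re.IGNORECASE)


def _decode_objdata(rtf: bytes) -> bytes:
    """Concatenate and hex-decode every \\objdata stream in an RTF file.

    Whitespace is removed first because malicious RTFs routinely break the
    hex run across lines so that a plain string search for the class name fails.
    """
    out = bytearray()
    for match in _OBJDATA_RE.finditer(rtf):
        hexrun = re.sub(rb"\s+", b"", match.group(1))
        hexrun = hexrun[: len(hexrun) - (len(hexrun) % 2)]  # drop a dangling nibble
        out += bytes.fromhex(hexrun.decode("ascii"))
    return bytes(out)


def scan_document(data: bytes) -> list:
    """Return the list of Equation Editor indicators found in an RTF or OLE2 document."""
    hits = []
    if data.startswith(OLE_MAGIC):
        if EQUATION_CLSID_LE in data:
            hits.append("ole2: Equation 3.0 CLSID in compound file")
        if EQUATION_STREAM in data:
            hits.append("ole2: 'Equation Native' stream name")
        return hits

    # Anything else is treated as RTF text. Word opens files even when the
    # {\rtf1 header is mangled, so the magic is deliberately not required.
    if _OBJCLASS_RE.search(data):
        hits.append("rtf: \\objclass Equation.3")
    blob = _decode_objdata(data)
    if EQUATION_PROGID in blob.lower():
        hits.append("rtf: Equation.3 class name in decoded \\objdata")
    if EQUATION_CLSID_LE in blob:
        hits.append("rtf: Equation 3.0 CLSID in decoded \\objdata")
    return hits


# Constructed samples for the demonstration (not real malware). The embedded
# object is only an OLE1 object header: version, format id, and the
# length-prefixed class name "Equation.3\0"; the hex run is split across lines.
EQUATION_OBJDATA_HEX = b"01050000020000000b000000" + b"Equation.3\x00".hex().encode()
MALICIOUS_RTF = (
    b"{\\rtf1{\\object\\objemb\\objclass Equation.3{\\*\\objdata\n"
    + EQUATION_OBJDATA_HEX[:10] + b"\n" + EQUATION_OBJDATA_HEX[10:] + b"\n}}}"
)
BENIGN_RTF = (
    b"{\\rtf1 Quarterly maritime logistics update."
    b"{\\object\\objemb\\objclass Word.Document.8}}"
)
# A stand-in compound file: only the signature plus the two indicators, padded.
OLE2_WITH_EQUATION = OLE_MAGIC + b"\x00" * 16 + EQUATION_CLSID_LE + b"\x00" * 8 + EQUATION_STREAM


if __name__ == "__main__":
    for name, doc in (("malicious.rtf", MALICIOUS_RTF),
                      ("benign.rtf", BENIGN_RTF),
                      ("attachment.doc", OLE2_WITH_EQUATION)):
        print(name, scan_document(doc) or "no Equation Editor indicators")
```

A hit means the document embeds, or claims to embed, an Equation 3.0 object, which legitimate documents with typeset equations also do; treat it as a reason to detonate the attachment in a sandbox or to check whether the recipient's Office build still carries EQNEDT32.EXE, not as proof of compromise on its own.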
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.