ACSC Releases Advisory on Nation-State Targeting
NJCCIC Alert
Original Release Date: 6/26/2020
Summary
The Australian Cyber Security Centre (ACSC) released an advisory detailing the tactics, techniques, and procedures (TTPs) used to target several Australian networks in what are called “Copy-Paste Compromises.” A sustained campaign is targeting Australian government and business networks by a well-coordinated, sophisticated nation-state threat actor. The most prevalent initial access vector is the exploitation of public-facing systems, primarily through the use of a remote code execution vulnerability in unpatched Telerik UI. Additionally, the threat actor is exploiting a deserialization vulnerability in Microsoft IIS, a SharePoint vulnerability, and a 2019 Citrix vulnerability. The threat actor also engages in spear-phishing techniques that contain links to credential harvesting websites, malicious files, and prompts to grant Office 365 OAuth tokens.
Recommendations
The NJCCIC recommends reviewing the ACSC advisory and applying the provided mitigations. Nation-state threat actors can employ the same TTPs outlined in the advisory to target US government and business networks.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.