How APTs become long-term lurkers: Tools and techniques of a targeted attack

This article has been indexed from CSO Online

Detecting compromises by highly skilled attackers is no easy task. It requires advanced network traffic monitoring, behavioral analysis of endpoint logs, and often dedicated threat hunting teams that manually search for signs of compromise by reasoning from the attacker's perspective about where and how an intruder would operate. This is highlighted in a new McAfee report about a long-term compromise discovered on a customer network; the investigation started out as a routine look into what appeared to be a simple malware infection.

McAfee researchers have dubbed the attack campaign Operation Harvest because its goal was the long-term exfiltration of sensitive information that could be used for military strategic purposes and intellectual property that could be used for manufacturing. The group behind the attack was using Winnti, a custom backdoor program that’s believed to be shared by multiple Chinese APT groups.
