A Chinese APT campaign called ‘Operation Harvest’ was caught by McAfee

September 29, 2021

McAfee Enterprise, an American computer security software company based in California, has reported a threat actor group that was able to dwell on a victim’s network and collect data for many years without being caught. The firm has identified the Chinese advanced persistent threat (APT) campaign as “Operation Harvest”, in which the attackers use a mixture of both known and new malware packages to conduct their attacks. The security firm also describes the threat group as well-accomplished and sophisticated.

A CTO from McAfee’s Enterprise Office stated in a report that the security firm’s response team first identified the APT campaign through a malware infection on a customer network; it was eventually revealed to be an extensive intrusion by an alleged Chinese threat group.

According to McAfee, the threat actors exploited a vulnerability in a web access server to gain initial access to the victim. From there, they were able to steal sensitive credentials and move to other systems using further privilege escalation exploits.

McAfee also noted that over the last year, threat actors have increasingly used initial access vectors beyond spear-phishing, including compromising supply chains or access systems. One method of gaining entry that is linked to Operation Harvest and other APT groups is the exploitation of public-facing vulnerabilities for initial access.

Some of the tools used in the attacks, such as hacking and system management tools, are readily available, while others, such as the backdoors, appear to be custom-made by or for members of the group.

Two traits that have been linked with Chinese state-sponsored attacks include covert theft of IP and government information and long-term attacks.


Operation Harvest, in general, focuses solely on stealing data from its victims.


Such attackers can operate discreetly and steal valuable credentials and data for many years without being discovered. The CTO of McAfee strongly believes that the group that conducted the attacks has connections to Beijing and intended to acquire intelligence for political or strategic decision-making.
