Chinese cyber-espionage operator, APT 18, has proven it can breach enterprises by undermining critical security controls when enterprises fail to protect digital certificates and cryptographic keys. As reported by Time, Bloomberg, and others, APT 18 used keys and certificates to compromise a Fortune 200 American health services organization and stole data on 4.5 million patients.
Raxis, an independent penetration testing firm, reconstructed the APT 18 attack in a simulated enterprise environment. Raxis demonstrated how the bad guys were able to bypass security controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that enterprises expect will mitigate threats.
Cybercriminals are phishing with fake sites and real TLS/SSL certificates. Find out how.
Why did Chinese cybercriminals want to breach an American health services company? Perhaps they were hoping to resell personal data or learn how to operate distributed hospital systems for profit. More likely, this was a test—a proof-of-concept attack that was vastly successful in stealing data by undermining the security controls of this Fortune 200 business. Having now proven the attack vector, APT 18 will decide when and where to use the attack on other targets.
How did they do it? This exclusive new infographic highlights the 4 attack stages used by many threats that rely on compromised keys and certificates to bypass existing enterprise security controls. Learn these stages and find out how to ensure your enterprise is not the next headline.
Want to learn more about the Raxis reconstruction of the APT 18 attack with a detailed look at how they bypassed security controls? Watch the on-demand webinar, Keys to the Kingdom.