
How an Attack by a Cyber-espionage Operator Bypassed Security Controls

January 28, 2015 | Kevin Bocek

The Chinese cyber-espionage operator APT 18 has proven it can breach enterprises by undermining critical security controls when enterprises fail to protect digital certificates and cryptographic keys. As reported by Time, Bloomberg, and others, APT 18 used keys and certificates to compromise a Fortune 200 American health services organization and stole data on 4.5 million patients.
 


Raxis, an independent penetration testing firm, reconstructed the APT 18 attack in a simulated enterprise environment. Raxis demonstrated how the bad guys were able to bypass security controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that enterprises expect will mitigate threats.


Why did Chinese cybercriminals want to breach an American health services company? Perhaps they were hoping to resell personal data or learn how to operate distributed hospital systems for profit. More likely, this was a test—a proof-of-concept attack that was vastly successful in stealing data by undermining the security controls of this Fortune 200 business. Having now proven the attack vector, APT 18 will decide when and where to use the attack on other targets.
 

How did they do it? This exclusive new infographic highlights the 4 attack stages used by many threats that rely on compromised keys and certificates to bypass existing enterprise security controls. Learn these stages and find out how to ensure your enterprise is not the next headline.
 

Want to learn more about the Raxis reconstruction of the APT 18 attack with a detailed look at how they bypassed security controls? Watch the on-demand webinar, Keys to the Kingdom.
 

[Infographic: undermining security]

 


 


About the author

Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.
