Supply chain attacks – Threats targeting service providers and design offices


CERT-FR publishes a new analysis report to alert of a cyber threat whose modus operandi specifically targets service providers and design offices for spying purposes. Information provided in this report is based on ANSSI’s investigations following incident response activities. This document is widely shared by ANSSI in order to enable interested parties to protect themselves from this type of security incident and to benefit the "Cyber Threat Intelligence" community.

This document aims at warning about a cyber threast targeting service providers and design offices. Attackers are compromising these companies networks in order to access data and eventually the networks of their clients.

Information provided in this report is based on ANSSI’s investigations following incident response activities. At this point, analysis suggests two waves of attacks separated in time and without technical evidence of a link between them.

The technical report presents the entire chain of attack under investigation, focusing on elements related to initial compromise, privilege escalation, Lateral movement and operational objectives.

It also presents tools used by the attackers and the recommendations and best practices for service providers, design offices and their clients, in order to prevent as much as possible these incidents.

Download “SUPPLY CHAIN ATTACKS – THREATS TARGETING SERVICE PROVIDERS AND DESIGN OFFICES

ANSSI shares its knowledge of cyber threat intelligence (CTI)

As part of its operational missions, ANSSI relies on the expertise of analysts specialized in international relations, attack operating modes and reverse engineering of malicious code and vulnerabilities, in order to study cyberattacks.

The results of some of the analysis work relating to CTI conducted by ANSSI are widely shared with the entire community through the “Threats and Incidents” section of the CERT-FR website.