10 Apr 2017
Global campaign targeting multi-national IT service providers
CERT NZ is aware of ongoing targeted attacks against multi-national IT service providers by a group known as APT10.
PwC and BAE Systems have co-authored a comprehensive report on the incident, which is known as Operation Cloud Hopper. It explains the threat in detail, and provides a list of indicators of compromise (IOCs).
What to do
The National Cyber Security Centre (NCSC) is the key point of contact for queries about this threat in New Zealand. NCSC is providing advice on threat protection and response to key government and private sector organisations. Their recommendations to organisations include:
- carrying out an investigation to check networks for any of the indicators included in the PwC and BAE systems reports
- auditing administrative access into the organisation’s networks (especially via third parties) and carrying out the recommendations in cyber security advisory CSA-006-17.
As best practice, CERT NZ also recommends all organisations protect themselves online by implementing the Australian Signals Directorate’s strategies to mitigate cyber security incidents.
If you identify any activity that appears to be malicious, or would like to discuss this further, call the NCSC incident line on 04 498 7654.