Michael Raggi, Principal Analyst at Mandiant Intelligence, discusses ORB (operational relay box) networks used by China-nexus threat actors for cyber espionage. Topics include the anatomy of ORB networks, how ORB networks such as SPACEHOP are leveraged by China-nexus APTs, and the implications for defenders. The conversation covers the evolution of these tactics, the framework Mandiant uses to describe and communicate about ORB networks, and the challenges they create for attribution.
China-nexus adversaries use ORB networks to obscure the origin of their traffic during cyber espionage activity.
Mandiant Intelligence advocates a common framework for defining ORB networks, to support attribution despite their complexity.
Deep dives
Evolution of ORB Networks in China-nexus Cyber Espionage
In the podcast, the growing use of ORB networks in China-nexus cyber espionage is highlighted as a significant shift in the threat landscape. ORB networks (operational relay box networks) are meshes of relay devices that cyber espionage adversaries route their traffic through in order to obfuscate its true origin. A distinctive feature of the China-nexus ecosystem is that these networks are built and administered by private-sector entities in China, so that a single network functions as a pseudo-botnet shared by multiple APT actors. This development indicates the rise, since 2016, of a private industry facilitating evasion at scale, and reflects an upleveling of capability and sophistication.
Types and Framework of ORB Networks
ORB networks come in two main types: provisioned networks built from leased VPS hosts, and non-provisioned networks built from compromised routers and IoT devices. Mandiant Intelligence argues that ORB networks need a shared definition so that a framework analogous to MITRE ATT&CK can be proposed for describing and tracking them. The five-stage anatomy Mandiant defines for an ORB network runs from the adversary-controlled operations server (ACOS) through relay nodes and traversal nodes to the exit (staging) node and finally the victim, giving a universal vocabulary for describing the components of any ORB network.
Challenges in Attribution and Detection of ORB Networks
Attribution is complicated by the complexity and ephemerality of ORB networks: the nodes an actor traverses change over time, so infrastructure observed in one intrusion is a poor anchor for the next. The adaptability of actors using ORB networks undermines target-centric intelligence practices, shifting how infrastructure is attributed and placing more emphasis on non-target collection. Enterprises are advised to focus on detecting malicious activity that originates from compromised residential routers and IoT devices and that arrives over unusual high-numbered ports, both of which are indicative of ORB network traffic. Looking ahead, continued vigilance and awareness are essential as China-nexus actors increasingly leverage ORB networks for cyber espionage.
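As an added illustration of the two detection hints above (not code from the podcast, Mandiant, or the referenced blog), the following Python script runs a simple heuristic over constructed firewall-style log lines. It flags connections to unusual high-numbered ports and, because individual ORB nodes are short-lived and rarely repeat, it also flags a destination that is contacted by several distinct residential-origin sources within a short window. The residential prefix table, the port threshold, the window and the sample log are all assumptions made for the example; a real deployment would feed it an ASN or GeoIP lookup and tune the thresholds to its own baseline.

```python
"""Added example (not from the podcast or Mandiant): a heuristic detector for the
two ORB-network indicators called out in the summary, traffic from residential
(consumer ISP) address space and connections over unusual high-numbered ports.

Everything below is constructed: the log lines, the prefix table and the thresholds.
A real deployment would replace RESIDENTIAL_PREFIXES with an ASN/GeoIP feed."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed lookup standing in for an ASN feed: prefixes treated as consumer ISP space.
RESIDENTIAL_PREFIXES = [ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]

# Ports a legitimate inbound client would normally hit; any destination port at or
# above HIGH_PORT that is not in this set counts as "unusual high-numbered" (assumed).
EXPECTED_SERVICE_PORTS = {22, 80, 443, 3389, 8443}
HIGH_PORT = 10000

# Assumed tuning: alert when one destination is contacted by this many distinct
# residential sources inside WINDOW. ORB nodes rotate, so one IP rarely repeats.
DISTINCT_SOURCES = 3
WINDOW = timedelta(minutes=30)

# Constructed firewall-style log: "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2024-05-22T10:00:05Z 203.0.113.17:52311 -> 10.0.0.5:443
2024-05-22T10:03:41Z 198.51.100.9:40112 -> 10.0.0.5:443
2024-05-22T10:07:12Z 203.0.113.88:61002 -> 10.0.0.5:443
2024-05-22T10:09:55Z 203.0.113.88:61003 -> 10.0.0.5:31337
2024-05-22T10:15:00Z 192.0.2.44:55000 -> 10.0.0.5:443
2024-05-22T12:30:00Z 203.0.113.5:50000 -> 10.0.0.9:443
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, src_ip, src_port, dst_ip, dst_port)."""
    ts, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src_ip, int(src_port), dst_ip, int(dst_port)


def is_residential(ip):
    """True when the address falls inside one of the (constructed) residential prefixes."""
    addr = ip_address(ip)
    return any(addr in net for net in RESIDENTIAL_PREFIXES)


def is_unusual_high_port(port):
    """True for a high-numbered destination port that is not an expected service port."""
    return port >= HIGH_PORT and port not in EXPECTED_SERVICE_PORTS


def detect(log_text):
    """Return findings in log order: unusual-high-port hits and residential fan-in alerts."""
    findings = []
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort()  # tuples sort by timestamp first
    seen_by_dst = defaultdict(list)  # dst_ip -> [(timestamp, src_ip), ...]
    alerted = set()  # destinations already reported for fan-in
    for ts, src, _, dst, dport in events:
        if is_unusual_high_port(dport):
            findings.append(("unusual_high_port", dst, src, dport))
        if not is_residential(src):
            continue
        seen = seen_by_dst[dst]
        seen.append((ts, src))
        # Distinct residential sources that contacted this destination within the window.
        recent = {s for t, s in seen if ts - t <= WINDOW}
        if len(recent) >= DISTINCT_SOURCES and dst not in alerted:
            alerted.add(dst)
            findings.append(("residential_fanin", dst, sorted(recent), len(recent)))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

On the constructed log this yields one fan-in alert for 10.0.0.5 (three distinct residential sources within ten minutes) and one high-port hit for the connection to port 31337; the non-residential source 192.0.2.44 and the lone residential connection to 10.0.0.9 produce nothing. The fan-in rule is the more useful of the two in practice, since an ORB-routed actor can choose ordinary ports but cannot avoid spreading its sessions across many short-lived exit nodes.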
Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders.
For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
Follow Michael on X at @aRtAGGI