CyberWire Daily

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

Feb 1, 2025
Juan Andres Guerrero-Saade, a security researcher at SentinelOne's SentinelLabs, discusses the alarming tactics used in Operation Digital Eye, where a Chinese threat actor targets critical digital infrastructure. He reveals the use of Visual Studio Code Tunnels and sophisticated methods like SQL injection. The conversation also dives into the complexities of Chinese APT dynamics, emphasizing the need for robust endpoint protection against supply-chain attacks. Guerrero-Saade warns about the vulnerabilities within development tools and the rise in cyber espionage activities across Europe.
INSIGHT

Digital Eye Overview

  • Operation Digital Eye is the latest in a series of attacks targeting telcos and critical infrastructure.
  • The attackers use custom tools and modify existing ones like Mimikatz.
INSIGHT

Initial Access Methods

  • Attackers initiate access through SQL injection and then deploy a web shell.
  • This foothold allows further malicious activities within the victim's network.
ANECDOTE

Visual Studio Code Tunnels Abuse

  • Attackers abuse Visual Studio Code's remote tunnels for command-and-control, masking traffic as normal developer activity.
  • They further obfuscate their activity by using Azure Cloud, making detection even harder.