CyberWire Daily

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

Feb 1, 2025

Juan Andres Guerrero-Saade, a security researcher at SentinelOne's SentinelLabs, discusses the alarming tactics used in Operation Digital Eye, where a Chinese threat actor targets critical digital infrastructure. He reveals the use of Visual Studio Code Tunnels and sophisticated methods like SQL injection. The conversation also dives into the complexities of Chinese APT dynamics, emphasizing the need for robust endpoint protection against supply-chain attacks. Guerro-Saade warns about the vulnerabilities within development tools and the rise in cyber espionage activities across Europe.

27:07

Creator website

Episode guests

Juan Andres Guerrero-Saade

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Operation Digital Eye highlights the sophisticated tactics used by Chinese APT groups to exploit vulnerabilities in critical digital infrastructure via innovative methodologies like Visual Studio Code tunneling.

The essential need for enhanced security measures and advanced behavioral analytics is emphasized to combat the complexities of detecting modern cyber threats in enterprise environments.

Deep dives

Overview of Operation Digital Eye

Operation Digital Eye represents a significant development in cyber threats targeting critical digital infrastructure, particularly from a Chinese APT group. This operation reveals the ongoing pattern of sophisticated attacks against telecommunications and similar sectors, leveraging a variety of techniques for initial access. The campaign's evolution from earlier operations like SoftCell and Tainted Love illustrates the persistent risk posed by these actors and their adaptive methodologies. This continuity reinforces concerns regarding the vulnerabilities in digital infrastructure that are exploited through innovative cyber intrusion tactics.

Intro

2min

Operation Digital Eye: Unveiling Cyber Espionage

8min

Exploring Cyberattack Operations: Understanding SoftCell and Tainted Love

5min

Complex Dynamics of Chinese APT Ecosystem

2min

Shifting Focus: Endpoint Protection in Cyber Defense

2min

Securing Development Tools Against Supply Chain Attacks

4min

Wrapping Up Insights on Digital Espionage

2min

This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels."

Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations.

The relationships between European countries and China are complex, characterized by cooperation, competition, and underlying tensions in areas such as trade, investment, and technology. Suspected China-linked cyberespionage groups frequently target public and private organizations across Europe to gather strategic intelligence, gain competitive advantages, and advance geopolitical, economic, and technological interests.

The research can be found here:

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CyberWire Daily

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Overview of Operation Digital Eye

Innovative Attack Techniques

Challenges in Detection and Mitigation

The research can be found here:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CyberWire Daily

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Overview of Operation Digital Eye

Innovative Attack Techniques

Challenges in Detection and Mitigation

The research can be found here:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights