State-sponsored attackers continued to be extremely active in 2018, with major groups from at least a dozen countries involved in operations against government, business, and civilian targets throughout the year, according to analyses by two security firms. While advanced persistent threat (APT) groups have, in the past, often used custom frameworks to help compromise systems and exfiltrate data, current groups are just as likely to use open-source malware and legitimate administration tools as a way to avoid detection and attribution. In a report released this week, managed security service provider Secureworks highlighted one group—Bronze Union (aka APT27 and Emissary Panda)—as a good example of these tactics becoming more common among APT groups.
Source: Dark Reading