Auteur Sujet: [FireEye]Election Cyber Threats in the Asia-Pacific Region  (Lu 108 fois)

0 Membres et 1 Invité sur ce sujet

Hors ligne igor51

  • Admin
  • Mega Power Members
  • *****
  • Messages: 10363
[FireEye]Election Cyber Threats in the Asia-Pacific Region
« le: novembre 23, 2020, 03:00:18 »
Election Cyber Threats in the Asia-Pacific Region

In democratic societies, elections are the mechanism for choosing
  heads of state and policymakers. There are strong incentives for
  adversary nations to understand the intentions and preferences of the
  people and parties that will shape a country's future path and to
  reduce uncertainty about likely winners. Mandiant     href="/content/fireeye-www/en_US/mandiant/threat-intelligence.html">Threat
  Intelligence regularly observes cyber espionage operations we
  believe to be seeking election-related information targeting
  governments, civil society, media, and technology organizations around
  the globe. We have also seen disruptive and destructive cyber attacks
  and propaganda campaigns seeking to undermine targeted governments and
  influence the outcomes of electoral contests.


The 2020 U.S. elections are currently drawing attention to election
  cyber risks, but 2020 has already hosted dozens of elections
  worldwide, with more to come. In the Asia-Pacific region these
  included elections in Taiwan, India, South Korea, and Singapore to
  name a few, with regional elections scheduled for Indonesia in December.


Given the prevalence of such activity worldwide and Mandiant's
  unique visibility into threat actor activity, we believe it is
  worthwhile to examine trends in adversary targeting of elections in a
  variety of regional contexts because the tactics, techniques, and
  procedures (TTPs) used in one region today may soon be deployed or
  mimicked in other regions.


Notable Electoral Targeting in Asia-Pacific Region


Mandiant Threat Intelligence tracked numerous elections-related
  incidents in the Asia-Pacific region in recent years. During this
  time, the most prolific regional actor was China, which we observed in
  more than 20 elections-related campaigns most frequently affecting
  Hong Kong and Taiwan. We believe that China's primary motives for
  elections targeting includes monitoring political developments,
  internal stability, and supporting Belt and Road Initiative (BRI) investments.


Examples of Chinese cyber espionage targeting electoral support
  organizations include:

  • Targeting candidates and related staff associated with the
        November 2019 Hong Kong District Council elections with a malicious
        macro document.
  • Targeting the Australian Parliament in
        February 2019, three months before the country's general
  • Compromising Cambodia's National Election
        Commission in mid-2018 based on the use of AIRBREAK malware by
        APT40, possibly looking to understand the impact of the election
        outcome on Belt and Road Initiative (BRI) plans. See our       href="">blog
        post for more details about this campaign.
  • A spear
        phishing campaign targeting multiple government agencies in
        Southeast Asia in the spring of 2018 to deliver FIREPIT payloads.
        The nature of the lure material and targeting indicate the activity
        was potentially an effort to monitor an upcoming election in the
        affected country.


Specifically, Mandiant has observed multiple instances in which
  organizations such as electoral boards and commissions that support or
  help administer elections have been targeted. Both Russian and Chinese
  cyber espionage operations have targeted election administrators and
  government officials since at least 2014. Observed TTPs include
  phishing and strategic website compromise (SWC), also known as
  watering hole attacks.


For example, in the November 2019 activity targeting Hong Kong
  (previously referenced), Mandiant Threat Intelligence believes that
  candidates or related staff associated with the Hong Kong District
  Council elections were targeted with a malicious macro document just
  prior to the elections based on geolocation information, the
  spear-phishing lure, and other data.


      src="" alt="" />
 Figure 1: Decoy content from phishing email


Elections Ecosystem


As our readers will know, Mandiant takes a specific approach to
  deconstructing attacks against elections, which we detailed in a     href="/content/fireeye-www/en_US/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html">previous
    blog post.


Our approach examines threats through the lens of risk posed at
  various levels of the elections ecosystem. We break the elections
  threat landscape into distinct attack surfaces to better allow our
  customers and partners to take action. These include the following:

  • Electoral Platforms Affecting Public Opinion

  • Electoral Process Support Organizations
  • Core Electoral
        Process Systems


      src="" alt="" />
 Figure 2: Attack surfaces associated with
    the electoral process


Top Target of Election Cyber Threat Activity: Public Opinion


Using our ecosystem taxonomy, based on activity observed from 2016
  to 2019, Mandiant Threat Intelligence assesses that actors
  concentrated on "platforms affecting public opinion" much
  more often than "core election systems" such as voting
  machines, or "electoral support organizations" such as
  election commissions.


      src="" alt="" />
 Figure 3: Electoral platforms affecting
    public opinions are most frequently targeted


Globally, we assess that actors continue to deploy disinformation in
  the form of fabricated news and hoaxes spread primarily via social
  media and counterfeit websites designed to mimic legitimate news
  organizations, which may be picked up by legitimate news
  organizations. In the last several years, we have seen influence
  operations use increasingly creative methods to blend their
  inauthentic messaging with legitimate speech (e.g., by interviewing,
  impersonating, and hiring legitimate journalists or experts, and
  sending letters to the editor to real publications).


Malicious actors create and spread disinformation with the intent to
  mislead an electorate by causing reputational damage to an individual
  or political party, or by casting doubt regarding a particular issue
  or political process. Influence campaigns also seek to exacerbate
  existing societal divisions.


In the Asia-Pacific region, Mandiant Threat Intelligence observed
  pro-China threat actors spoof Taiwanese media outlet TVBS (官方網站) to
  promote narratives in line with the People's Republic of China's
  (PRC's) political interests in a coordinated, inauthentic manner. The
  accounts use a variety of tactics in order to pose as Western media
  outlets, including the use of identical or near-identical usernames,
  display names, and profile photos as the accounts of the outlets they imitate.


      src="" alt="" />
 Figure 4: @TVSBnews quote-tweets People's
    Daily video citing alleged U.S. interference in foreign elections


Public exposure of high-profile information operations, such as
  Russia's interference in the 2016 U.S. presidential election, has
  strengthened perceptions that such operations are effective. It also
  demonstrates the difficulty that open societies face in countering
  this threat, encouraging current and aspiring information operation
  sponsors to grow their efforts. We anticipate that influence
  operations conducted in support of the political interests of
  nation-states will increase in sophistication, volume, and diversity
  of actors through 2020 and beyond.


In the last 12 months, Mandiant Threat Intelligence observed and
  reported on information operations conducted in support of the
  political interests of numerous countries. During Singapore's 2020
  general elections, the country's first "digital" election,
  Mandiant Threat Intelligence identified multiple inauthentic accounts.
  These accounts did not, however, appear to be acting in a coordinated manner.


Outlook and Implications


We expect that threat actors will continue to target entities
  associated with elections worldwide for the foreseeable future and may
  expand the scope of this activity as long as the potential rewards of
  these operations outweigh the risks. State-sponsored actors almost
  certainly view targeting the electoral process as an effective means
  of projecting power and collecting intelligence.


Furthermore, the continuous expansion of the social media landscape
  will likely encourage various actors to pursue information operations
  by promoting preferred narratives, including the use of propagating
  inauthentic or deceptive information. We have already seen tactics
  evolve to avoid detection and incorporate emerging technologies, such
  as "deepfake" or multimedia manipulation technology, to
  advance more believable and impactful information operations, and we
  expect these innovations to continue. Lower tech methods, such as
  outsourcing propaganda activities to real people hired specifically to
  spread false and misleading content, can hinder attribution efforts
  and potentially increase the effectiveness of operations if those
  people have a more specialized understanding of the information environment.


To battle election threats, there is an urgent need to increase
  public awareness of the threat and inculcate behaviors that reduce the
  risk of compromise or disruption. These include everything from
  rigorously securing email to implementing policy around notification
  of cyber incidents in the supply chain. In addition, governments can
  consider mandating digital imprint requirements for election
  campaigning, increasing fines for electoral fraud, and increasing
  transparency around digital political advertisements. Investment in
  news verification and screening methodologies on search and social
  media platforms as well as public education efforts equipping voters
  and students to distinguish trustworthy information from suspicions
  may also reduce the impact of influence operations.

Source: Election Cyber Threats in the Asia-Pacific Region


[FireEye]Election Cyber Threats in the Asia-Pacific Region
« le: novembre 23, 2020, 03:00:18 »