Last year’s attack by “Red Apollo” wasn’t targeted at individual companies. The biggest cyber-espionage campaign was carried out by targeting cloud providers. Using the providers’ networks, the attackers managed to install spying tools in companies all around the globe.
Although the tactic wasn’t known or used before, it is clear how opportunistic and well thought out this activity was. Previously, Chinese hackers targeted individual companies, government institutions or even individual employees in order to carry out an attack (spear-phishing). This type of attack, however, needed more scrupulous preparation in order to look through the whole work environment.
Operation Cloud Hopper, as it was nicknamed by Red Apollo, was an attack on a small number of cloud service providers, which gave it the potential to spread malware to all the clients using these outsourcing companies to run their computer networks. All of that was possible thanks to the web of clients and especially cloud providers, who don't always have the same level of security protections.
The indirect approach shows how fast attackers’ strategy develops. The tactics change after nearly every major attack, which shows how important it is to put protective barriers in place not only internally but also across your own network of partners and clients.
Now we can categorize last year’s events as a supply chain attack. Third parties are now being analysed more and more, and official instructions on how to protect your business are often issued. One of the best overviews was given by the NCSC, which provides guidelines on the four most prevalent supply chain attacks.
However, it is up to us to look carefully at all the tools that we use in the company network and to implement appropriate protection techniques and mechanisms. Even if you are not the target yourself, you might be in the attacker’s path, which will make you a victim.