Cicada Attack Lays Low, Then Strikes

April 15, 2022

Symantec cybersecurity workers warn of a campaign by a Chinese Ministry of State Security system they call Cicada. It lies low for an extended period – often as long as nine months – inside the networks of victims. Although it has been active for years, evidence of the latest attacks only surfaced in February of this year. The recent activity may be the result of unpatched vulnerabilities in Microsoft Exchange dating back to early 2021. Identified victims of the attacks include pharmaceutical companies, law firms, and telecommunications firms in many countries, including the U.S. and Canada. The attackers use a variety of tools, including fileless malware, which can evade detection and is capable of encrypting information sent back to command and control servers operated by the attackers. Researchers believe that the goal of the campaign is information theft and intelligence gathering. They recommend the introduction of one-time credentials for administrative work and continuous monitoring for suspicious activity.
