Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign
Black Hat USA 2024 · Day 1 · Briefing
This presentation, "Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government," delivered by Sophos MDR Operations team members Morgan Demboski and Mark Parsons, sheds light on **Operation Crimson Palace**, a sophisticated and long-running Chinese Advanced Persistent Threat (APT) cyber espionage campaign. The talk details a complex attack against a government organization in a geopolitically sensitive Southeast Asian country, revealing the coordinated efforts of multiple state-sponsored groups, referred to as Cluster Alpha, Cluster Bravo, and Cluster Charlie. Sophos's investigation uncovered two distinct stages of the campaign, with the second stage representing a significant escalation following defensive actions.