APT 10 and Managed Service Providers (MSPs)

We are very fortunate to have Cindy Faith present her own research as an unaffiliated cybersecurity professional. The FBI's indictment of the Advanced Persistent Threat (APT) 10 Chinese hacking group is the jumping off point for her presentation to get at the core cyber security issues.

As alleged in the Indictment, from at least 2006 through 2018, the defendants conducted extensive campaigns of global intrusions into computer systems aiming to steal, among other data, intellectual property and confidential business and technological information from more than at least 45 commercial and defense technology companies in at least a dozen states, managed service providers (“MSP”), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, and U.S. government agencies.

The targeted victim companies were involved in a diverse array of commercial activity, industries, and technologies, including aviation, space and satellite technology, manufacturing technology, oil and gas exploration, production technology, communications technology, computer processor technology, and maritime technology. In addition, for example, the APT 10 Group’s campaign compromised the data of an MSP and certain of its clients located in at least 12 countries including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.

Presenter’s Bio: Cindy Faith is presenting her own research as a cybersecurity professional without affiliation to her current position, employer, prime contractor, etc. References to open source material will be provided along with the presentation slides.

Cindy began her career when computer security was defined by the “rainbow series” – color-coded books of security standards and guidance published by NSA’s National Computer Security Center (NCSC). Cindy’s team built a compartmented mode workstation (CMW) under NSA’s trusted security evaluation program in the early 1990s. This work sparked her long-term interest in computer and cyber security. Cindy's employment engagements include work as an unarmed security guard; Information Systems Security Officer (ISSO); senior security consultant; and business owner. She is a support contractor for the Cybersecurity and Infrastructure Security Agency (CISA), supporting cyber operations in the National Cybersecurity and Communications Integration Center (NCCIC) which monitors and responds to national-level physical and cyber threats. For more about CISA, see https://www.dhs.gov/CISA Cindy’s background can be found here: https://www.linkedin.com/in/cindyafaith

MEETUP LOCATION: Marymount University Ballston Center, 1000 N. Glebe Road, Arlington, Virginia. Parking is available in their underground garage; entrance on N. Wakefield Street. Go to lobby and take elevator to 2nd Floor. Turn to your left to another elevator to fourth floor. Follow signs to the assigned room that will be determined by number of people who RSVP.

Besides earning Professional Development Units (PDUs) for participating our RMF LifeBoat ISSA Education Group meeting, we all receive the encouragement and help we need for our cyber security professional growth. The friendly interactive presentations by our members of the meetup always lead to lively respectful discussions. Members always take away information that they that can be applied on the job in the following weeks! In additional our LifeBoat group meetings provide opportunities for the all-important professional networking. If you have a vexing problem, share with like-minded security professionals. They may have already successfully developed a way forward to resolve it.