No targets left behind

Microsoft would like to present on Storm-2077, a China-based threat actor that we assess conducts intelligence collections. Storm-2077 has targeted government agencies and non-governmental organizations in the United States, including in recent activity that demonstrates interest in US elections. Additionally, several targets in other countries and industries include members of the Defense Industrial Base (DIB), aviation, telecommunications, financial, and legal services. We’ll walk through their specific techniques, tactics, and procedures (TTPs) of Storm-2077, to include the use of initial access vectors of exploiting public-facing applications and spear-phishing to gain initial access.