Recently, Mr. Xiao Xinguang (director-general of China Cyber security Industry Union and chief architect of Antiy Labs) and Mr. Guan Mochen (a cyber security engineer of Antiy Labs), were interviewed by Focus Interview of CCTV, expressing their views on the cyber-attacks of advanced cyber actors and the defense of cyber security. It was the third time that Antiy was on Focus Interview.

Vedio1：The Introduction of GreenSpot Attack

       Since Stuxnet event, Antiy has paid attention to the evolution of advanced persistent threats, especially for dozens of advanced cyber threat actors such as Equation, White Elephant, APT-TOCS and Greenspot and their attacks to continuous monitoring and in-depth analysis, and published a number of analysis reports.
       In this interview, Antiy’s engineers introduced the theft attack activities of the “GreenSpot” advanced cyber threat actors recently disclosed by Antiy. The “GreenSpot” team has been active for several years, mainly targeting Chinese government departments, aviation, military and other related scientific research institutions with the main goal of stealing high-value data and confidential information, and disseminating them through spear-phishing emails with additional vulnerability documents or binding executable documents. Related threats have exposed the lack of protection of current information systems.

Vedio 2：The Introduction of Dynamic Integrated Defense Mechanism

       The attacker intruded into the software supplier’s upgrade server and replaced the upgrade program to achieve the effect of attacking the intranet. A simple simulation of the process was carried out by Antiy’s engineers, and the important role of dynamic integrated defense mechanism was preliminarily demonstrated. The actual offensive and defensive scenes are much more complicated than this simple demonstration, and the process of threat analysis is more complicated and difficult. Objective enemy situation scenario is the premise of doing a good job in cyber security defense. It has become an unrealistic imagination to stop it from the country by physical separate. The basic idea of protecting vital information systems and critical information infrastructure should be based on “the enemy is inside and the enemy will be inside”.
      Antiy believes that cyber security should be considered in the planning, construction, operation and maintenance of the whole life cycle of information construction according to the principle of Three Synchronization, if we want to do a good job in cyber security protection. Antiy has extended and expanded model based on the SANS “Sliding Scale”, and further proposed the “superposition and evolution” cyber security capability model to provide reference for the construction of user security capability system. The model clearly reveals the relationship among infrastructure security, in-depth defense, situational awareness, the overlap between active defense and threat intelligence, and pre-basic conditions. It shows that high-level security capabilities and means lacking basic security planning and arming will become castles in the air and that high-level cyber-attacks cannot be dealt with without situational awareness and active defense and lacking of threat intelligence.
      The tactical situational awareness platform currently being developed by Antiy can be guided by the superposition and evolution of cyber security capabilities, assisting users to carry out systematic cyber security planning and construction with deep integration and comprehensive coverage, supporting the coordinated operation and enabling of coordinated linkage. It can help to build a cyber security defense against advanced threats.