Attackers may compromise a subsidiary organization before moving into the parent organization.

Third parties may need access to data on your network. Your team should know what type of data they need and where that data is located. Access controls should be put in place to limit the third party's access.

Malware/Threat actors

Preventions

<Mitigation techniques>

Detections

  • Monitor the network connection between you and the third party for malicious activity. Build a detection ruleset of (IP address, protocol, port) tuples and alert on any connection that does not follow these rules.
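One way to implement the tuple ruleset described above, as an added example that is not part of the original page. It assumes the tuple means (third-party source IP, protocol, destination port); the flow-log format, the address ranges and the rule entries are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    network: ipaddress.IPv4Network  # third-party source address or range
    protocol: str
    port: int                       # destination port on your side

def make_rule(cidr, protocol, port):
    return Rule(ipaddress.ip_network(cidr), protocol.lower(), port)

# Constructed values: the range the third party connects from, and what it may reach.
PARTNER_NET = ipaddress.ip_network("198.51.100.0/24")
ALLOWED = [
    make_rule("198.51.100.10/32", "tcp", 443),  # partner API gateway
    make_rule("198.51.100.0/28", "tcp", 22),    # partner SFTP hosts
]

# Constructed flow records: timestamp src_ip dst_ip protocol dst_port
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 198.51.100.10 10.0.5.20 tcp 443
2024-05-01T10:00:07Z 198.51.100.12 10.0.5.21 tcp 22
2024-05-01T10:02:13Z 198.51.100.10 10.0.5.20 tcp 3389
2024-05-01T10:03:40Z 198.51.100.77 10.0.5.20 tcp 443
garbage line
"""

def parse_flow(line):
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, src, _dst, proto, port = parts
    try:
        return ipaddress.ip_address(src), proto.lower(), int(port)
    except ValueError:
        return None

def find_violations(log_text, rules, partner_net):
    """Return (reason, line) for partner flows that match no rule."""
    violations = []
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            # Fail closed: a record we cannot parse is surfaced, not dropped.
            violations.append(("unparseable", line))
            continue
        src, proto, port = flow
        if src not in partner_net:
            continue  # not third-party traffic; out of scope for this ruleset
        if not any(src in r.network and (proto, port) == (r.protocol, r.port)
                   for r in rules):
            violations.append(("not_allowed", line))
    return violations
```

Both flagged flows come from inside the partner range: one uses an allowed host on a port no rule covers, the other uses an allowed port from a host no rule covers.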

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

References