Operation Digital Eye

[Operation Digital Eye](https://attack.mitre.org/campaigns/C0061) was conducted in June and July of 2024 by suspected People's Republic of China (PRC)-nexus threat actors targeting business-to-business IT service providers in Southern Europe. [Operation Digital Eye](https://attack.mitre.org/campaigns/C0061) activity included the use of Visual Studio Code tunnels for command and control (C2) and custom lateral movement capabilities. Overlaps in tooling between Digital Eye and previous China-nexus campaigns, Operation Soft Cell and Operation Tainted Love, indicate the potential use of shared vendors or digital quartermasters.(Citation: sentinelone operationDigitalEye Dec 2024)

Start date: 1 June 2024
End date: 1 July 2024
Techniques: 22

Attributed actors

Techniques (22)

command-and-control (2)
T1219.001 IDE Tunneling
T1665 Hide Infrastructure
credential-access (2)
T1003.001 LSASS Memory
T1003.002 Security Account Manager
discovery (5)
T1018 Remote System Discovery
T1087.001 Local Account
T1069.001 Local Groups
T1033 System Owner/User Discovery
T1614.001 System Language Discovery
execution (3)
T1059.003 Windows Command Shell
T1569.002 Service Execution
T1106 Native API
initial-access (1)
T1190 Exploit Public-Facing Application
lateral-movement (2)
T1021.001 Remote Desktop Protocol
T1550.002 Pass the Hash
persistence (3)
T1505.003 Web Shell
T1543.003 Windows Service
T1098.004 SSH Authorized Keys
privilege-escalation (2)
T1543.003 Windows Service
T1098.004 SSH Authorized Keys
reconnaissance (1)
T1591 Gather Victim Org Information
resource-development (1)
T1588.002 Tool
stealth (2)
T1036.005 Match Legitimate Resource Name or Location
T1070.004 File Deletion

Indicators of compromise

No IOCs linked to this campaign yet.