According to security researchers, two-factor authentication is a key component of a solid cyber defense strategy against the current techniques used by cyber espionage actors (emphasis added):
The main tactic used by TG-3390 is to use strategic web compromises or watering-hole attacks to infect their targets, although in one case it has been seen to use a spear phishing attack.
The CTU believes it is seeing just a fraction of TG-3390’s activity, but even in this limited view, it has discovered that the group has infected the websites of 100 organisations across the globe to ensnare its targets.
These compromised websites include a defence manufacturing firm based in Spain, large manufacturing companies, energy companies, embassies, non-governmental organisations focused on international relations, and defence and government organisations.
The researchers said TG-3390 knows exactly which websites their targets are visiting and, as a result, have specifically targeted and compromised 50 entities based in the US and the UK, including auto, electronic, aircraft, pharmaceutical, and oil and gas manufacturers. The group has also compromised educational institutions, law firms, defence contractors and political organisations.
The group placed code on each site that redirected visitors to a malicious site, and if the visitor had an IP address that was of interest, the computer user would be served an exploit kit the next time they returned to the compromised site.