Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky unveils latest APT trends for Q2

A significant new revelation was the exposure of the long-running “Operation Triangulation” campaign involving the use of a previously unknown iOS malware platform. Experts also observed other interesting developments that they believe everyone should be aware of. Here are key highlights from the report: 

In Kaspersky’s latest report on Advanced Persistent Threats (APTs) trends for the second quarter of 2023, researchers analyze the development of new and existing campaigns. The report highlights APT activity during this period including the updating of toolsets, the creation of new malware variants, and the adoption of fresh techniques by threat actors.

A significant new revelation was the exposure of the long-running “Operation Triangulation” campaign involving the use of a previously unknown iOS malware platform. Experts also observed other interesting developments that they believe everyone should be aware of. Here are key highlights from the report: 

Asia-Pacific witnesses a new threat actor – Mysterious Elephant

Kaspersky uncovered a new threat actor belonging to the Elephants family, operating in the Asia-Pacific region, dubbed “Mysterious Elephant”. In their latest campaign, the threat actor employed new backdoor families, capable of executing files and commands on the victim’s computer, and receive files or commands from a malicious server for execution on the infected system. While Kaspersky researchers have observed overlaps with Confucius and SideWinder, Mysterious Elephant possesses a distinctive and unique set of TTPs, setting them apart from these other groups.

Advertisement. Scroll to continue reading.

Toolsets upgraded: Lazarus’ develops new malware variant, BlueNoroff attacks macOS, and more

Threat actors are constantly improving their techniques, with Lazarus upgrading its MATA framework and introducing a new variant of the sophisticated MATA malware family, MATAv5. BlueNoroff, a financial attack-focused subgroup of Lazarus, now employs new delivery methods and programming languages, including the use of Trojanized PDF readers in recent campaigns, the implementation of macOS malware, and the Rust programming language. Additionally, ScarCruft APT group has developed new infection methods, evading the Mark-of-the-Web (MOTW) security mechanism. The ever-evolving tactics of these threat actors present new challenges for cybersecurity professionals.

Geopolitical influences remain primary drivers of APT activity

APT campaigns remain geographically dispersed, with actors concentrating their attacks on regions such as Europe, Latin America, the Middle East and various parts of Asia. Cyber-espionage, with a solid geopolitical backdrop, continues to be a dominant agenda for these endeavors.

“While some threat actors stick to familiar tactics like social engineering, others have evolved, refreshing their toolsets and expanding their activities. Moreover, new advanced actors, such those conducting the ‘Operation Triangulation’ campaign, constantly emerge. This actor uses a previously unknown iOS malware platform distributed through zero-click iMessage exploits. Staying vigilant with threat intelligence and the right defense tools is crucial for global companies, so they can protect themselves against both existing and emerging threats. Our quarterly reviews are designed to highlight the most significant developments among APT groups to help defenders combat and mitigate related risks,” comments David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).

Advertisement. Scroll to continue reading.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Ensuring the security of your system, it is crucial to promptly update your operating system and other third-party software to their latest versions. Maintaining a regular update schedule is essential in order to stay protected from potential vulnerabilities and security risks
  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
  • Use the latest Threat Intelligence information to stay up-to-date with the actual TTPs used by threat actors.
  • For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
  • Dedicated services can help combat high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop intrusions in their early stages, before the perpetrators achieve their goals.  If you encounter an incident, Kaspersky Incident Response service will help you respond and minimize the consequences, in particular – identify compromised nodes and protect the infrastructure from similar attacks in the future.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement