A new wave of advanced persistent threat (APT) activities were discovered during the first three months of 2018 in Asia and the Middle East, as per Kaspersky Lab's latest quarterly threat intelligence summary.
In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by APT groups speaking languages including Russian, Chinese, English and Korean, among others. While some well-known actors didn't show any noteworthy activity, a rising number of APT operations and new threat actors were detected in the Asian region.
The report highlighted a constant rise of Chinese-speaking activity, including the ShaggyPanther cluster of activity targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which, in 2018, increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia.
In terms of South Asia, it was observed that Pakistan military entities have been under attack from the newly-discovered Sidewinder group.
On the other hand, the report stated that IronHusky APT had ceased targeting Russian military actors and transferred all its efforts to Mongolia. At the end of January 2018, this Chinese-speaking actor launched an attack campaign on Mongolian government organisations before their meeting with the International Monetary Fund (IMF).
Also Read
As per Kaspersky, the Kimsuky APT, targeting South Korean think tanks and political activities, renewed its arsenal with a completely new framework designed for cyber espionage and used in a spear-phishing campaign. Furthermore, a subset of the infamous Lazarus group, Bluenoroff, shifted to new targets including cryptocurrency companies and Point of Sales (PoS).
On the Middle Eastern front, the StrongPity APT launched a number of new Man-in-the-Middle (MiTM) attacks on internet service provider (ISP) networks. Another highly skilled cybercriminal group, the Desert Falcons, returned to target Android devices with malware previously used in 2014.
Researchers also discovered several groups routinely targeting routers and networking hardware in their campaigns, an approach adopted years ago by actors such as Regin and CloudAtlas. According to experts, routers will continue to be a target for attackers as a way of getting a foothold in a victim's infrastructure.
"During the first three months of the year we saw a number of new threat groups of different levels of sophistication, but which, overall, were using the most common and available malware tools. At the same time, we observed no significant activity from some well-known actors. This leads us to believe that they are rethinking their strategies and reorganizing their teams for future attacks," said Principal Security Researcher at Kaspersky Lab GReAT team, Vicente Diaz.
The newly-published Q1 APT trends report summarises the findings of Kaspersky Lab's subscriber-only threat intelligence reports. During the first quarter of 2018, Kaspersky Lab's Global Research and Analysis Team created 27 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
Disclaimer: No Business Standard Journalist was involved in creation of this content
