Asia and Middle East a hotbed of new threat actors in Q1 2018

Posted on Apr 16 2018 - 11:31am by Upgrade Staff

During the first three months of the year, Kaspersky Lab researchers discovered a wave of new APT activity based mainly in Asia – more than 30% of Q1 reports were dedicated to threat operations in this region. A peak of activity was also observed in the Middle East with a number of new techniques used by actors. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by advanced persistent threat (APT) groups speaking languages including Russian, Chinese, English and Korean, among others. And while some well-known actors didn’t show any noteworthy activity, a rising number of APT operations and new threat actors were detected in the Asian region. This rise is explained in part by the Olympic Destroyer malware attack on the Pyeongchang Olympic Games.

Highlights in Q1 2018 include:

  • Continuous rise of Chinese-speaking activity, including the ShaggyPanther cluster of activity targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia.
  • Recorded APT activity in South Asia. Pakistan military entities have been under attack from the newly discovered Sidewinder group.
  • IronHusky APT apparently stops targeting Russian military actors and transfers all its efforts to Mongolia. At the end of January 2018, this Chinese-speaking actor launched an attack campaign on Mongolian government organizations before their meeting with the International Monetary Fund (IMF).
  • Korean peninsula remains in focus. The Kimsuky APT, targeting South Korean think tanks and political activities, has renewed its arsenal with a completely new framework designed for cyberespionage and used in a spear-phishing campaign. Furthermore, a subset of the infamous Lazarus group, Bluenoroff, has shifted to new targets including cryptocurrency companies and Point of Sales (PoS).

Kaspersky Lab also detected a peak of threat activity in the Middle East. For example, the StrongPity APT launched a number of new Man-in-the-Middle (MiTM) attacks on internet service provider (ISP) networks. Another highly skilled cybercriminal group, the Desert Falcons, returned to target Android devices with malware previously used in 2014.

Also, in Q1, Kaspersky Lab researchers discovered several groups routinely targeting routers and networking hardware in their campaigns, an approach adopted years ago by actors such as Regin and CloudAtlas. According to experts, routers will continue to be a target for attackers as a way of getting a foothold in a victim's infrastructure.

“During the first three months of the year we saw a number of new threat groups of different levels of sophistication, but which, overall, were using the most common and available malware tools. At the same time, we observed no significant activity from some well-known actors. This leads us to believe that they are rethinking their strategies and reorganizing their teams for future attacks,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab GReAT team.

The newly published Q1 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the first quarter of 2018, Kaspersky Lab’s Global Research and Analysis Team created 27 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
