During the first three months of the year, Kaspersky Lab researchers discovered a wave of new APT activity based mainly in Asia – more than 30% of Q1 reports were dedicated to threat operations in this region. A peak of activity was also observed in the Middle East with a number of new techniques used by actors. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by advanced persistent threat (APT) groups speaking languages including Russian, Chinese, English and Korean, among others. And while some well-known actors didn’t show any noteworthy activity, a rising number of APT operations and new threat actors were detected in the Asian region. This rise is explained in part by the Olympic Destroyer malware attack on the Pyeongchang Olympic Games.

 

Highlights in Q1, 2018 include:

  • Continuous rise of Chinese-speaking activity, including the ShaggyPanther cluster of activity targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia.
  • Recorded APT activity in South Asia. Pakistan military entities have been under attack from the newly discovered Sidewinder group.
  • IronHusky APT apparently stops targeting Russian military actors and transfers all its efforts to Mongolia. At the end of January 2018, this Chinese-speaking actor launched an attack campaign on Mongolian government organizations before their meeting with the International Monetary Fund (IMF).
  • Korean peninsula remains in focus. The Kimsuky APT, targeting South Korean think tanks and political activities, has renewed its arsenal with a completely new framework designed for cyberespionage and used in a spear-phishing campaign. Furthermore, a subset of the infamous Lazarus group, Bluenoroff, has shifted to new targets including cryptocurrency companies and Point of Sales (PoS).

 

Kaspersky Lab also detected a peak of threat activity in the Middle East. For example, the StrongPity APT launched a number of new Man-in-the-Middle (MiTM) attacks on internet service provider (ISP) networks. Another highly skilled cybercriminal group, the Desert Falcons, returned to target Android devices with malware previously used in 2014.

 

Also, in Q1, Kaspersky Lab researchers discovered several groups routinely targeting routers and networking hardware in their campaigns, an approach adopted years ago by actors such as Regin and CloudAtlas. According to experts, routers will continue to be a target for attackers as a way of getting a foothold in a victim's infrastructure.

 

“During the first three months of the year we saw a number of new threat groups of different levels of sophistication, but which, overall, were using the most common and available malware tools. At the same time, we observed no significant activity from some well-known actors. This leads us to believe that they are rethinking their strategies and reorganizing their teams for future attacks,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab GReAT team.

 

The newly published Q1 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the first quarter of 2018, Kaspersky Lab’s Global Research and Analysis Team created 27 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

 

For more information, please contact: intelreports@kaspersky.com

