Attacks on Apple, among the most common cyberthreats

by time news

2023-08-08 10:49:44

The latest Kaspersky report on Advanced Persistent Threats (APTs) corresponding to the second quarter of 2023 analyzes the evolution of both new and existing risks. The report highlights the updating of tools and techniques used by cybercriminals and the creation of new malware variants.

One of the new findings reported by Kaspersky analysts is a long-running campaign called Operation Triangulation, which uses a previously unknown malware platform for iOS (Apple devices). Other techniques used by cybercriminals have also been observed:

New threat in the Asia-Pacific region: Mysterious Elephant

Kaspersky has discovered a new threat actor in the Asia-Pacific region, Mysterious Elephant, which belongs to the Elephants family. It uses new families of backdoors capable of executing files and commands on the victim’s computer and of receiving files or commands from a malicious server to execute on the infected system. Kaspersky experts have confirmed similarities with the activity of the Confucius and SideWinder groups. However, Mysterious Elephant uses distinctive and very advanced Tactics, Techniques and Procedures (TTPs).

Lazarus creates a new malware variant as BlueNoroff attacks macOS

Cybercriminals continually improve their techniques. The Lazarus group has developed a new variant of the MATA malware family, MATAv5. For its part, BlueNoroff, a Lazarus subgroup focused on attacks on financial institutions, uses new methods, such as trojanized PDFs, as well as malware against macOS and the Rust programming language. In addition, the ScarCruft APT group has developed new infection methods capable of evading Mark-of-the-Web (MOTW) security. This protection mechanism marks files on a Windows PC that came from the Internet so that applications know their source and can thus detect potential threats. The constant evolution in the tactics used by cybercriminals is a challenge for cybersecurity professionals.

Geopolitics continues to be the main lever of APTs

APT campaigns span a large number of regions: Europe, Latin America, the Middle East, and parts of Asia. Geopolitically oriented cyberespionage remains the predominant theme.

“While some threat actors use familiar social engineering techniques, others are updating their tools and expanding their activities. In addition, new actors are continually emerging, such as the ‘Operation Triangulation’ campaign. This actor uses a hitherto unknown iOS malware platform that infects via iMessage exploits. Being vigilant, having the latest threat intelligence and the right defense tools is critical to protecting businesses against both known and new threats. Our quarterly risk reports reveal the most significant news from APT groups so that organizations can combat threats with assurance,” explains David Emm, Principal Security Researcher at Kaspersky’s Global Research and Analysis Area (GReAT).

To prevent both known and unknown attacks, experts recommend implementing the following measures:

- Update the operating system and third-party software. Maintaining a regular update schedule is critical to staying protected against potential vulnerabilities and security risks.
- Improve the skills of cybersecurity teams to address the latest threats.
- Have the latest threat information to be up to date with the TTPs used.
- For the detection, investigation and resolution of incidents at the endpoint level it is important to implement EDR solutions.
