TAIPEI, TAIWAN – Media OutReach – August 4, 2023 – In Kaspersky’s latest Advanced Persistent Threat (APT) Trend Report for the second quarter of 2023, researchers analyze the development of new and existing campaigns. The report highlights APT activity during this period, including threat actors updating their tools, creating new malware variants, and adopting new techniques.
An important new revelation was the exposure of the long-duration “Operation Triangulation”, involving the use of a previously unknown iOS malware platform. The experts also observed other interesting developments that they believe everyone should be aware of. Here are the main highlights of the report:
Asia-Pacific is witnessing a new threat actor – Mysterious Elephant
Kaspersky has discovered a new threat actor belonging to the Elephants family, operating in the Asia-Pacific region, nicknamed “Mysterious Elephant”. In its latest campaign, the malicious actor used new families of backdoors, capable of executing files and commands on the victim’s computer, and of receiving files or commands from a malicious server to run on the infected system. While Kaspersky researchers observed overlaps with Confucius and SideWinder, Mysterious Elephant has a distinctive and unique set of TTPs, setting it apart from these other groups.
Updated toolsets: Lazarus develops new malware variant, BlueNoroff attacks macOS, etc.
Threat actors are constantly improving their techniques, with Lazarus updating its MATA framework and introducing a new variant of the sophisticated MATA malware family, MATAv5.
BlueNoroff, a subgroup of Lazarus focused on financial attacks, now employs new delivery methods and programming languages, including the use of Trojanized PDF readers in recent campaigns, the implementation of macOS malware, and the Rust programming language. Additionally, the ScarCruft APT group has developed new infection methods, avoiding the Mark-of-the-Web (MOTW) security mechanism. The ever-changing tactics of these threat actors present new challenges for cybersecurity professionals.
Geopolitical influences remain key drivers of APT activity
APT campaigns remain geographically dispersed, with actors focusing their attacks on regions such as Europe, Latin America, the Middle East, and various parts of Asia. Cyber espionage, with a strong geopolitical backdrop, continues to be a dominant agenda for these efforts.
Adrian Hia, Managing Director of APAC at Kaspersky, said, “Kaspersky is monitoring all active APT players in the region that are infecting mobile devices and slowly targeting businesses and infrastructure. Our researchers focus on APT activities to uncover the most sophisticated cyberattacks. By publishing the results of our survey, we hope we can help organizations be aware of the latest activities and stay safe in our attempt to build a safer world.”
“While some threat actors stick to familiar tactics such as social engineering, others have evolved, updating their tools and expanding their activities. Additionally, new advanced actors, such as those conducting the “Operation Triangulation” campaign, are constantly emerging. This actor uses an iOS malware platform distributed via clickless iMessage exploits. Staying alert with threat intelligence and the right defense tools is crucial for global businesses, so they can protect themselves against existing and emerging threats. Our quarterly reviews are designed to highlight the most significant developments among APT groups to help defenders combat and mitigate the associated risks,” comments David Emm, Senior Security Researcher in Kaspersky’s Global Research and Analysis Team (GReAT).
To read the full Q2 2023 APT Trends Report, please visit Securelist.
In order to avoid being the victim of a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
- To keep your system safe, it is crucial to promptly update your operating system and other third-party software to their latest versions. Maintaining a regular update schedule is essential to staying protected against potential vulnerabilities and security risks.
- Improve the skills of your cybersecurity team to fight against the latest targeted threats with Kaspersky online training developed by leading experts.
- Use the latest Threat intelligence information to stay up to date with actual TTPs used by threat actors.
- For rapid endpoint incident detection, investigation, and resolution, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
- Dedicated services can help combat large-scale attacks. Kaspersky Managed Detection and Response can help identify and stop intrusions early, before perpetrators achieve their goals. If you encounter an incident, the Kaspersky Incident Response service will help you react and minimize the consequences, in particular by identifying compromised nodes and protecting the infrastructure against similar attacks in the future.


