In early 2017, Kaspersky Lab researchers noted increased activity by an APT called Spring Dragon (also known as LotusBlossom). The attacks involved new and evolved tools and techniques and targeted countries around the South China Sea. Kaspersky Lab’s experts have published their analysis of the attackers’ toolset over time in order to help organizations better understand the nature of the threat and protect themselves.

 

Spring Dragon is a long-running threat actor that has been targeting high profile political, governmental and education organisations in Asia since 2012. Kaspersky Lab has been tracking the APT for the last few years.

 

In early 2017, Kaspersky Lab identified renewed attacks in the threat actor’s favoured South China Sea region. According to Kaspersky Lab telemetry, Taiwan had the largest number of attacks followed by Indonesia, Vietnam, the Philippines, Macau, Malaysia, Hong Kong and Thailand. To help organizations better understand and protect against the threat, Kaspersky Lab’s researchers have undertaken a detailed review of 600 Spring Dragon malware samples.

 

Kaspersky Lab’s overview of Spring Dragon’s tools shows that:

● The attackers’ toolset includes a unique, customised set of links to command and control servers for each malware sample: the samples contained more than 200 unique IP addresses overall.

● This toolset was accompanied by customised installation data for each attack to make detection difficult.

● The arsenal includes various backdoor modules with different characteristics and functionalities, although they all have the capability to download additional files to the victim’s machine, upload files to the attackers’ servers and execute any executable file or command on the victim’s machine. This allows the attackers to undertake a number of malicious activities on the victim’s machine, particularly cyberespionage.

● The malware compilation timestamps suggest a time zone of GMT +8, although the experts warn that this does not represent a reliable indicator of attribution.

 

“Organisations and businesses need to step up and manage risk on reputation and service guarantees. The average loss from a single targeted attack is close to $1,000,000 excluding reputational impact. In the event of cyberattack, a considerable investment is made for urgent response to improve software and infrastructure. The reverse needs to take place. We must not wait for attacks to happen for us to take precaution,” says Anastasia Para Rae, General Manager at Kaspersky Lab ANZ.

 

“We believe that Spring Dragon is going to continue resurfacing regularly in the Asian region and it’s important to be familiar with its tools and techniques. We encourage individuals and businesses to have good Yara rules and other detection mechanisms in place and strongly recommend they use – and regularly audit – a multi-layered approach to security,” adds Noushin Shabab, GReAT Senior Security Researcher at Kaspersky Lab.

 

In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following:

● Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.

● Educate and train your personnel on social engineering, as this method is often used to make a victim open a malicious document or click on an infected link.

● Conduct regular security assessments of the organisation’s IT infrastructure.

 

Use Kaspersky’s Threat Intelligence, which tracks cyberattacks, incidents and threats and provides customers with up-to-date, relevant information that they are unaware of. Find out more at intelreports@kaspersky.com.

