The third quarter of 2017 clearly demonstrated that Chinese-speaking actors have not “disappeared” and are still very much active, conducting cyber-espionage campaigns against a wide range of countries and industry verticals.

 

In total, 10 of the 24 research projects on advanced targeted attacks conducted by Kaspersky Lab in Q3 centered around activities attributed to multiple actors in the Chinese region. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

Research conducted during the period of July-September 2017 revealed a number of developments in the area of targeted attacks by, among others, C

 

Chinese criminals were particularly active during this period. Their revitalization has affected not only various organizations but also government and political bodies, as well as huge regional agreements – bringing international relations into the business of advanced targeted attacks.

 

Highlights in Q3 2017 include:

  • Rise of cyber-espionage attacks by Chinese-speaking actors. The most interesting of the attacks were Netsarang/ShadowPad and CCleaner – both of which involved embedding specific backdoors inside the installation packages of legitimate software. CCleaner alone managed to infect 2 million computers, making it one of the biggest attacks of 2017.
  • Growing interest among Chinese-speaking actors in attacks on strategic facilities and economic sectors. At least two separate reports provide clear cases in point:
    1. IronHusky attack on Russian and Mongolian aviation companies and research institutes. This campaign was discovered in July, when the two countries were targeted with a Poison Ivy variant from a Chinese-speaking threat actor. The attack was connected to Mongolian air defense prospects, which were a key subject of negotiations held with Russia earlier in the year.
    2. H2ODecomposition attack on the energy sectors of India and Russia. Both countries’ energy sectors were targeted with a new piece of malware referred to as “H2ODecomposition”. In some cases, this malware was masquerading as a popular Indian antivirus solution (QuickHeal).

 

Furthermore, in Q3 2017 Kaspersky Lab experts issued several reports on Russian-speaking actors. Most of them were dedicated to financial and ATM attacks; however, one report examined Sofacy’s summertime activity, indicating that the group remained active.

 

Speaking of English-speaking actors, the third quarter also produced yet another member of the Lamberts: Red Lambert. The Lamberts is a family of sophisticated attack tools that has been used by either one or multiple threat actors against high-profile victims since at least 2008.

 

The Red Lambert is a network-driven backdoor, discovered during the previous analysis of Grey Lambert and utilized instead of hard-coded SSL certificates in command and control communications.

 

“The targeted threat landscape is evolving constantly, not only in terms of cybercriminals’ being increasingly well-prepared and technologically sophisticated, but also in terms of geography. The rise of Chinese-speaking actors once again demonstrates the importance of investing in threat intelligence and arming organizations with insight on the latest trends and developments,” said Brian Bartholomew, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

 

The Q3 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the third quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 24 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

 

For more information, please contact: intelreports@kaspersky.com

