The third quarter of 2017 clearly demonstrated that Chinese-speaking actors have not “disappeared” and are still very much active, conducting cyber-espionage campaigns against a wide range of countries and industry verticals.

 

In total, 10 of the 24 research projects on advanced targeted attacks conducted by Kaspersky Lab in Q3 centered around activities attributed to multiple actors in the Chinese region. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

Research conducted during the period of July-September 2017 revealed a number of developments in the area of targeted attacks by, among others, C

 

Chinese criminals were particularly active during this period. Their revitalization has affected not only various organizations but also government and political bodies, as well as huge regional agreements, bringing international relations into the business of advanced targeted attacks.

 

Highlights in Q3 2017 include:

  • Rise of cyber-espionage attacks by Chinese-speaking actors. The most interesting of the attacks were Netsarang/ShadowPad and CCleaner – both of which involved embedding specific backdoors inside the installation packages of legitimate software. CCleaner alone managed to infect 2 million computers, making it one of the biggest attacks of 2017.
  • Growing interest among Chinese-speaking actors in attacks on strategic facilities and economic sectors. At least two separate reports provide clear cases in point:
    1. IronHusky attack on Russian and Mongolian aviation companies and research institutes. This campaign was discovered in July, when the two countries were targeted with a Poison Ivy variant from a Chinese-speaking threat actor. The attack was connected to Mongolian air defense prospects, which were a key subject of negotiations held with Russia earlier in the year.
    2. H2ODecomposition attack on the energy sectors of India and Russia. Both countries’ energy sectors were targeted with a new piece of malware referred to as “H2ODecomposition”. In some cases, this malware was masquerading as a popular Indian antivirus solution (QuickHeal).

 

Furthermore, in Q3 2017 Kaspersky Lab experts issued several reports on Russian-speaking actors. Most of them were dedicated to financial and ATM attacks; however, one report examined Sofacy’s summertime activity, indicating that the group remained active.

 

Speaking of English-speaking actors, the third quarter also produced yet another member of the Lamberts: Red Lambert. The Lamberts is a family of sophisticated attack tools that has been used by either one or multiple threat actors against high-profile victims since at least 2008.

 

The Red Lambert is a network-driven backdoor, discovered during the previous analysis of Grey Lambert and utilized instead of hard-coded SSL certificates in command and control communications.

 

“The targeted threat landscape is evolving constantly, not only in terms of cybercriminals’ being increasingly well-prepared and technologically sophisticated, but also in terms of geography. The rise of Chinese-speaking actors once again demonstrates the importance of investing in threat intelligence and arming organizations with insight on the latest trends and developments,” said Brian Bartholomew, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

 

The Q3 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the third quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 24 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

 

For more information, please contact: intelreports@kaspersky.com

