The third quarter of 2017 clearly demonstrated that Chinese-speaking actors have not “disappeared” and are still very much active, conducting cyber-espionage campaigns against a wide range of countries and industry verticals.

 

In total, 10 of the 24 research projects on advanced targeted attacks conducted by Kaspersky Lab in Q3 centered around activities attributed to multiple actors in the Chinese region. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

Research conducted during the period of July-September 2017 revealed a number of developments in the area of targeted attacks by, among others, C

 

Chinese criminals were particularly active during this period. Their revitalization has affected not only various organizations but also government and political bodies, as well as huge regional agreements, bringing international relations into the business of advanced targeted attacks.

 

Highlights in Q3 2017 include:

  • Rise of cyber-espionage attacks by Chinese-speaking actors. The most interesting of the attacks were Netsarang/ShadowPad and CCleaner – both of which involved embedding specific backdoors inside the installation packages of legitimate software. CCleaner alone managed to infect 2 million computers, making it one of the biggest attacks of 2017.
  • Growing interest among Chinese-speaking actors in attacks on strategic facilities and economic sectors. At least two separate reports provide clear cases in point:
    1. IronHusky attack on Russian and Mongolian aviation companies and research institutes. This campaign was discovered in July, when the two countries were targeted with a Poison Ivy variant from a Chinese-speaking threat actor. The attack was connected to Mongolian air defense prospects, which were a key subject of negotiations held with Russia earlier in the year.
    2. H2ODecomposition attack on the energy sectors of India and Russia. Both countries’ energy sectors were targeted with a new piece of malware referred to as “H2ODecomposition”. In some cases, this malware was masquerading as a popular Indian antivirus solution (QuickHeal).

 

Furthermore, in Q3 2017 Kaspersky Lab experts issued several reports on Russian-speaking actors. Most of them were dedicated to financial and ATM attacks; however, one report examined Sofacy’s summertime activity, indicating that the group remained active.

 

Speaking of English-speaking actors, the third quarter also produced yet another member of the Lamberts: Red Lambert. The Lamberts is a family of sophisticated attack tools that has been used by either one or multiple threat actors against high-profile victims since at least 2008.

 

The Red Lambert is a network-driven backdoor, discovered during the previous analysis of Grey Lambert and utilized instead of hard-coded SSL certificates in command and control communications.

 

“The targeted threat landscape is evolving constantly, not only in terms of cybercriminals’ being increasingly well-prepared and technologically sophisticated, but also in terms of geography. The rise of Chinese-speaking actors once again demonstrates the importance of investing in threat intelligence and arming organizations with insight on the latest trends and developments,” said Brian Bartholomew, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

 

The Q3 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the third quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 24 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

 

For more information, please contact: intelreports@kaspersky.com

