During the second quarter of 2018, Kaspersky Lab researchers observed an active landscape of APT operations, based mainly in Asia and involving both well-known and less familiar threat actors.

 

A number of groups targeted or timed their campaigns around sensitive geopolitical incidents. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

In the second quarter of 2018, Kaspersky Lab researchers continued to uncover new tools, techniques and campaigns being launched by advanced persistent threat (APT) groups, some of which had been quiet for years.

 

Asia remained the epicenter of APT interest: regional groups such as the Korean-speaking Lazarus and Scarcruft were particularly busy, and researchers discovered an implant called LightNeuron being used by the Russian-speaking Turla to target Central Asia and the Middle East.

 

Highlights in Q2 2018 include:

  • The return of the actor behind Olympic Destroyer. After its January 2018 attack against the Pyeongchang Winter Olympic Games, researchers discovered what they believed was new activity by this actor, targeting financial organizations in Russia and biochemical threat prevention laboratories in Europe and Ukraine. A number of indicators suggest a low- to medium-confidence link between Olympic Destroyer and the Russian-speaking threat actor Sofacy.
  • Lazarus/BlueNoroff. There were indications that this high-profile APT was targeting financial institutions in Turkey as part of a bigger cyberespionage campaign, as well as casinos in Latin America. These operations suggest that financially motivated activity continues for this group, despite the ongoing North Korean peace talks.
  • The researchers observed relatively high activity from the Scarcruft APT, with the threat actor using Android malware and launching an operation with a new backdoor researchers have named POORWEB.
  • The LuckyMouse APT, a Chinese-speaking threat actor also known as APT 27, which had previously been observed abusing ISPs in Asia for waterhole attacks through high-profile websites, was also found to be actively targeting Kazakh and Mongolian governmental entities around the time these governments held their meeting in China.
  • The VPNFilter campaign, uncovered by Cisco Talos and attributed by the FBI to Sofacy or Sandworm, revealed the immense vulnerability of domestic networking hardware and storage solutions to attack. The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.

 

“The second quarter of 2018 was very interesting in terms of APT activity, with a few remarkable campaigns that remind us how real some of the threats we have been predicting over the last few years have become. In particular, we have warned repeatedly that networking hardware is ideally suited to targeted attacks and highlighted the existence and spread of advanced activity focusing on these devices,” said Vicente Diaz, Principal Security Researcher in the Kaspersky Lab GReAT team.

 

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

 

The Q2 APT Trends summary report can be found on Securelist.

