During the second quarter of 2018, Kaspersky Lab researchers observed an active landscape of APT operations, based mainly in Asia and involving both well-known and less familiar threat actors.

A number of groups targeted or timed their campaigns around sensitive geopolitical incidents. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

In the second quarter of 2018, Kaspersky Lab researchers continued to uncover new tools, techniques and campaigns being launched by advanced persistent threat (APT) groups, some of which had been quiet for years.

Asia remained the epicenter of APT interest: regional groups, such as the Korean-speaking Lazarus and Scarcruft, were particularly busy, and researchers discovered an implant called LightNeuron being used by the Russian-speaking Turla to target Central Asia and the Middle East.

Highlights in Q2 2018 include:

  • The return of the actor behind Olympic Destroyer. After its January 2018 attack against the Pyeongchang Winter Olympic Games, researchers discovered what they believed was new activity by this actor, targeting financial organizations in Russia and biochemical threat prevention laboratories in Europe and Ukraine. A number of indicators suggest a low- to medium-confidence link between Olympic Destroyer and the Russian-speaking threat actor Sofacy.
  • Lazarus/BlueNoroff. There were indications that this high-profile APT was targeting financial institutions in Turkey as part of a bigger cyberespionage campaign, as well as casinos in Latin America. These operations suggest that financially motivated activity continues for this group, despite the ongoing North Korean peace talks.
  • The researchers observed relatively high activity from the Scarcruft APT, with the threat actor using Android malware and launching an operation with a new backdoor that researchers have named POORWEB.
  • The LuckyMouse APT, a Chinese-speaking threat actor also known as APT 27, had previously been observed abusing ISPs in Asia for waterhole attacks through high-profile websites. It was also found to be actively targeting Kazakh and Mongolian governmental entities around the time these governments held their meeting in China.
  • The VPNFilter campaign, uncovered by Cisco Talos and attributed by the FBI to Sofacy or Sandworm, revealed how vulnerable domestic networking hardware and storage solutions are to attack. The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.

“The second quarter of 2018 was very interesting in terms of APT activity, with a few remarkable campaigns that remind us how real some of the threats we have been predicting over the last few years have become. In particular, we have warned repeatedly that networking hardware is ideally suited to targeted attacks and highlighted the existence and spread of advanced activity focusing on these devices,” said Vicente Diaz, Principal Security Researcher in the Kaspersky Lab GReAT team.

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

The Q2 APT Trends summary report can be found on Securelist.


Geopolitical Targets and New Campaigns in Asia Mark Busy Q2 for Threat Actors
Techworld Date Posted: 30 August 2018 2:08 PM