During the second three months of 2018, Kaspersky Lab researchers observed an active landscape of APT operations, based mainly in Asia and involving both well-known and less familiar threat actors.

 

A number of groups targeted or timed their campaigns around sensitive geopolitical incidents. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

In the second quarter of 2018, Kaspersky Lab researchers continued to uncover new tools, techniques and campaigns being launched by advanced persistent threat (APT) groups, some of which had been quiet for years.

 

Asia remained the epicenter of APT interest: regional groups such as the Korean-speaking Lazarus and Scarcruft were particularly busy, and researchers discovered an implant called LightNeuron being used by the Russian-speaking Turla to target Central Asia and the Middle East.

Highlights in Q2 2018 include:

  • The return of the actor behind Olympic Destroyer. After its January 2018 attack against the Pyeongchang Winter Olympic Games, researchers discovered what they believed was new activity by this actor, targeting financial organizations in Russia and biochemical threat prevention laboratories in Europe and Ukraine. A number of indicators suggest a low-to-medium-confidence link between Olympic Destroyer and the Russian-speaking threat actor Sofacy.
  • Lazarus/BlueNoroff. There were indications that this high-profile APT was targeting financial institutions in Turkey as part of a bigger cyberespionage campaign, as well as casinos in Latin America. These operations suggest that financially motivated activity continues for this group, despite the ongoing North Korean peace talks.
  • The researchers observed relatively high activity from the Scarcruft APT, with the threat actor using Android malware and launching an operation with a new backdoor that researchers have named POORWEB.
  • The LuckyMouse APT, a Chinese-speaking threat actor also known as APT 27, which had previously been observed abusing ISPs in Asia for waterhole attacks through high-profile websites, was also found to be actively targeting Kazakh and Mongolian governmental entities around the time these governments held their meeting in China.
  • The VPNFilter campaign, uncovered by Cisco Talos and attributed by the FBI to Sofacy or Sandworm, revealed how immensely vulnerable domestic networking hardware and storage solutions are to attack. The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.

 

“The second quarter of 2018 was very interesting in terms of APT activity, with a few remarkable campaigns that remind us how real some of the threats we have been predicting over the last few years have become. In particular, we have warned repeatedly that networking hardware is ideally suited to targeted attacks and highlighted the existence and spread of advanced activity focusing on these devices,” said Vicente Diaz, Principal Security Researcher in the Kaspersky Lab GReAT team.

 

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

 

The Q2 APT Trends summary report can be found on Securelist.


Geopolitical Targets and New Campaigns in Asia Mark Busy Q2 for Threat Actors
Techworld Date Posted: 30 August 2018 2:08 PM | 99 Views