During the second quarter of 2018, Kaspersky Lab researchers observed an active landscape of APT operations, based mainly in Asia and involving both well-known and less familiar threat actors.

 

A number of groups targeted or timed their campaigns around sensitive geopolitical incidents. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

 

In the second quarter of 2018, Kaspersky Lab researchers continued to uncover new tools, techniques and campaigns being launched by advanced persistent threat (APT) groups, some of which had been quiet for years.

 

Asia remained the epicenter of APT interest: regional groups such as the Korean-speaking Lazarus and Scarcruft were particularly busy, and researchers discovered an implant called LightNeuron being used by the Russian-speaking Turla to target Central Asia and the Middle East.

 

Highlights in Q2 2018 include:

  • The return of the actor behind Olympic Destroyer. After its January 2018 attack against the Pyeongchang Winter Olympic Games, researchers discovered what they believed was new activity by this actor, targeting financial organizations in Russia and biochemical threat prevention laboratories in Europe and Ukraine. A number of indicators suggest a low-to-medium-confidence link between Olympic Destroyer and the Russian-speaking threat actor Sofacy.
  • Lazarus/BlueNoroff. There were indications that this high-profile APT was targeting financial institutions in Turkey as part of a bigger cyberespionage campaign, as well as casinos in Latin America. These operations suggest that financially motivated activity continues for this group, despite the ongoing North Korean peace talks.
  • The researchers observed relatively high activity from the Scarcruft APT, with the threat actor using Android malware and launching an operation with a new backdoor researchers have named POORWEB.
  • The LuckyMouse APT, a Chinese-speaking threat actor also known as APT 27, which had previously been observed abusing ISPs in Asia for waterhole attacks through high-profile websites, was also found to be actively targeting Kazakh and Mongolian governmental entities around the time these governments held their meeting in China.
  • The VPNFilter campaign, uncovered by Cisco Talos and attributed by the FBI to Sofacy or Sandworm, revealed the immense vulnerability to attack of domestic networking hardware and storage solutions. The threat can even inject malware into traffic in order to infect computers behind the infected networking device. Kaspersky Lab’s analysis confirmed that traces of this campaign can be found in almost every single country.

 

“The second quarter of 2018 was very interesting in terms of APT activity, with a few remarkable campaigns that remind us how real some of the threats we have been predicting over the last few years have become. In particular, we have warned repeatedly that networking hardware is ideally suited to targeted attacks and highlighted the existence and spread of advanced activity focusing on these devices,” said Vicente Diaz, Principal Security Researcher in the Kaspersky Lab GReAT team.

 

The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports, which also include Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting. For more information, please contact: intelreports@kaspersky.com

 

The Q2 APT Trends summary report can be found on Securelist.

