In Kaspersky’s latest report on Advanced Persistent Threat (APT) trends for the second quarter of 2023, researchers analysed the development of new and existing campaigns. The report highlights APT activity during this period including the updating of toolsets, the creation of new malware variants, and the adoption of fresh techniques by threat actors. A significant new revelation…
The threat actor targets government and diplomatic entities in the Commonwealth of Independent States (CIS) with the final aim to steal internal documents. The occasional victims discovered in other regions (such as the Middle East or South-East Asia) turn out to be foreign representations of CIS countries, illustrating Tomiris’s narrow focus.
In October 2022, Kaspersky researchers discovered an ongoing advanced persistent threat (APT) campaign targeting organisations located in the area affected by the ongoing conflict between Russia and Ukraine. Dubbed CommonMagic, the espionage campaign has been active since at least September 2021, and uses previously unknown malware to gather data from its targets. The targets…
Kaspersky researchers recently discovered that the infamous Advanced Persistent Threat (APT) actor BlueNoroff added new sophisticated malware strains to its arsenal. BlueNoroff is known as the threat actor that targets financial entities’ cryptocurrency around the world, specifically aiming at venture capital firms, crypto startups, and banks. Now the BlueNoroff actor is experimenting with new file…
In mid-2021, Kaspersky researchers discovered a wave of new attacks by the Middle Eastern Advanced Persistent Threat (APT) group DeftTorero, also popularly known as Volatile Cedar. First detected in 2012, the APT group has been actively targeting the Government, Military, Education, Corporate and Telecommunication industries, particularly across the UAE, Saudi Arabia, Egypt, Kuwait, Lebanon,…
In the second quarter of 2022, Kaspersky researchers witnessed Advanced Persistent Threat (APT) actors increasingly targeting the cryptocurrency industry. Using cryptocurrency-related content and warnings from law enforcement as bait, the actor behind this new and highly active campaign, dubbed “NaiveCopy”, attacked stock and cryptocurrency investors in South Korea. Further analysis of NaiveCopy’s tactics and techniques…
Kaspersky’s researchers have uncovered a rootkit developed by an advanced persistent threat (APT) actor that stays on the victim’s machine even if the operating system is rebooted or Windows is reinstalled – making it very dangerous in the long run. Dubbed “CosmicStrand,” this UEFI firmware rootkit was used mainly to attack private individuals in China,…
Kaspersky researchers have reported an ongoing campaign carried out by an advanced persistent threat (APT) group dubbed ToddyCat, which focuses on compromising multiple Microsoft Exchange servers using two malicious programs – Samurai backdoor and Ninja Trojan. The campaign primarily targeted government and military sectors in Europe and Asia. ToddyCat is a relatively new sophisticated APT…
Kaspersky’s researchers have uncovered the third case of a firmware bootkit in the wild. Dubbed MoonBounce, this malicious implant is hidden within a computer’s Unified Extensible Firmware Interface (UEFI) firmware, an essential part of computers, in the SPI flash, a storage component external to the hard drive. Such implants are notoriously difficult to remove and…
ESET researchers have uncovered recent campaigns and an updated threat arsenal of the infamous APT group Donot Team (also known as APT-C-35 and SectorE02). According to research findings, the group is very persistent and has consistently targeted the same organizations for at least the last two years. For this research, ESET monitored Donot Team for…
Kaspersky experts have uncovered a series of attacks by advanced persistent threat (APT) actor BlueNoroff against small and medium-sized companies (SMEs) worldwide resulting in major cryptocurrency losses for the victims. The campaign, dubbed SnatchCrypto, is aimed at various companies that, by the nature of their work, deal with cryptocurrencies and smart contracts, DeFi, Blockchain, and…
Kaspersky experts have uncovered a rare, wide-scale advanced persistent threat (APT) campaign against users that was first detected in Southeast Asia. Kaspersky identified approximately 1,500 victims, some of which were government entities. Initial infection occurs via spear-phishing emails containing a malicious Word document; once downloaded on one system, the malware can then spread to other…
As targeted ransomware continues to haunt businesses all over the globe, one can’t help but look deeper into the operations of particular ransomware gangs. This helps to better understand them and develop more advanced protection against the threats they pose. Kaspersky researchers took apart and inspected a curious specimen (or, more correctly, specimens) belonging to…
Kaspersky researchers have uncovered TunnelSnake, an ongoing advanced persistent threat (APT) campaign, active since 2019, which has targeted regional diplomatic entities in Asia and Africa. The attackers deployed a previously unknown rootkit dubbed Moriya. This piece of malware, with nearly absolute power over the operating system, enabled threat actors to intercept network traffic and conceal…
In the autumn of 2020 (for the northern hemisphere), Kaspersky researchers identified two APT incidents that targeted entities related to COVID-19 research – a Ministry of Health body and a pharmaceutical company. Kaspersky experts assessed with high confidence that the activities can be attributed to the infamous Lazarus group. As the pandemic and restrictive measures…
In February of this year, SixLittleMonkeys, aka Microcin, an advanced persistent threat (APT) actor that conducts cyberespionage campaigns against government bodies and diplomatic entities, was found downloading a Trojan into a target’s system memory. Kaspersky researchers discovered that this last-stager (the final stage of an attack when the malicious payload has been downloaded and begins…