Persistent Espionage Campaign Targets APAC Governments

Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed "TetrisPhantom." The persistent operation has specifically targeted government institutions in the Asia-Pacific region, using secure USB drives as the channel for moving data in and out of protected systems. Kaspersky's findings are part of its latest quarterly APT threat landscape report.

The campaign first came to light in early 2023 and is attributed to an as-yet-unidentified threat actor. Its focus on exploiting secure USB drives, devices that keep files in an encrypted area and that government organizations commonly use to store and transfer sensitive data, sets it apart, and implies that similar infiltration techniques could be turned against government entities worldwide.

According to Kaspersky, TetrisPhantom deploys a range of malicious modules that give the attacker extensive control over the victim's device: executing commands, extracting data from compromised systems and smuggling the stolen information out with secure USB drives as discreet carriers. The attackers can also drop additional malicious files onto the infiltrated systems.

"Our investigation reveals a high level of sophistication, including virtualization-based software obfuscation, low-level communication with the USB drive using direct SCSI commands and self-replication through connected, secure USBs," noted Noushin Shabab, senior security researcher at Kaspersky's Global Research and Analysis Team. "These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks."

To shield against these targeted attacks, Kaspersky researchers advocate a proactive approach: keeping software up to date, treating unsolicited requests for sensitive information with caution, providing cybersecurity teams with the latest threat intelligence, building team skills and deploying endpoint detection and response (EDR) solutions. Kaspersky will present additional details on the TetrisPhantom threat at its Security Analyst Summit, scheduled for October 25-28.
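Two of the behaviours described above are observable on an endpoint: executables being copied onto a USB-backed volume (the self-replication through connected secure USBs) and a user-land process opening a raw device handle, which is the step a tool needs before it can send SCSI commands directly to the drive. The following is an added example of detection logic over such telemetry; it is not Kaspersky's code or anything from the report. The event schema, the sample events, the process paths and the raw-access allowlist are all constructed for illustration.

```python
"""Detection sketch for two TetrisPhantom-style behaviours named in the article:
executables written to a USB volume, and raw device handles opened from user land
(the route direct SCSI pass-through takes on Windows).
Added example; the event schema below is constructed, not any vendor's format."""
import ntpath
import re
from dataclasses import dataclass

# File types worth alerting on when they land on removable media.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ps1", ".bat", ".vbs"}

# Example allowlist of images that legitimately open raw disks or volumes
# (backup, VSS, storage services). Placeholder values: tune for your own estate.
RAW_ACCESS_ALLOWLIST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\vssvc.exe",
}

# Windows device-namespace paths a process needs before it can issue SCSI
# pass-through IOCTLs: \\.\PhysicalDriveN, \\.\E:, \\.\ScsiN: (and the \\?\ form).
RAW_DEVICE_RE = re.compile(r"^\\\\[.?]\\(physicaldrive\d+|[a-z]:|scsi\d+:)$", re.I)


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


def detect(events):
    """Walk an ordered event stream and return the alerts it raises.

    Event kinds (constructed schema):
      device_arrival  {drive, bus}       volume mounted; bus == "USB" marks it removable
      device_removal  {drive}            volume unmounted
      file_create     {image, target}    process `image` created file `target`
      raw_device_open {image, target}    process `image` opened a device path
    """
    removable = set()  # drive letters currently backed by a USB device
    alerts = []
    for ev in events:
        kind = ev["event"]
        if kind == "device_arrival":
            if ev.get("bus", "").upper() == "USB":
                removable.add(ev["drive"].upper())
        elif kind == "device_removal":
            # Drive letters are reused, so forget the mapping once the device leaves.
            removable.discard(ev["drive"].upper())
        elif kind == "file_create":
            target = ev["target"]
            drive = target[:2].upper()
            ext = ntpath.splitext(target)[1].lower()
            if drive in removable and ext in EXECUTABLE_EXT:
                alerts.append(Alert("exe_written_to_removable", ev["image"], target))
        elif kind == "raw_device_open":
            if RAW_DEVICE_RE.match(ev["target"]) and ev["image"].lower() not in RAW_ACCESS_ALLOWLIST:
                alerts.append(Alert("raw_device_handle", ev["image"], ev["target"]))
    return alerts


# Constructed sample telemetry: a USB volume mounts as E:, a process in %TEMP%
# drops an executable on it and opens the physical disk, then the volume leaves.
SAMPLE_EVENTS = [
    {"event": "device_arrival", "drive": "E:", "bus": "USB"},
    {"event": "file_create", "image": r"C:\Users\analyst\AppData\Local\Temp\updater.exe",
     "target": r"E:\helper.exe"},
    {"event": "file_create", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "target": r"E:\reports\q3.docx"},
    {"event": "raw_device_open", "image": r"C:\Users\analyst\AppData\Local\Temp\updater.exe",
     "target": r"\\.\PhysicalDrive2"},
    {"event": "raw_device_open", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"\\.\PhysicalDrive0"},
    {"event": "device_removal", "drive": "E:"},
    # After removal E: is untracked, so this write is ignored (the letter may be a different disk now).
    {"event": "file_create", "image": r"C:\Users\analyst\AppData\Local\Temp\updater.exe",
     "target": r"E:\late.exe"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert.rule}: {alert.image} -> {alert.detail}")
```

Two caveats when wiring this to real telemetry. A secure USB drive typically exposes its encrypted volume only after the user unlocks it, so the mount event that matters arrives at unlock time, not at plug-in; the detector above keys on whatever event your agent emits when the letter becomes available. And the raw-device rule is only as good as its allowlist: storage, backup and forensic tools open `\\.\PhysicalDriveN` routinely, so the value of the signal comes from the combination with the other behaviours (an executable landing on the same removable volume from the same image), not from either rule alone.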

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

