Persistent Espionage Campaign Targets APAC Governments

Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed "TetrisPhantom." The persistent operation has specifically targeted government institutions in the Asia-Pacific region, using a distinctive technique that relies on secure (hardware-encrypted) USB drives to move data into and out of the targeted networks. Kaspersky's findings are part of its latest quarterly APT threat landscape report.

The clandestine campaign, which first came to light in early 2023, is orchestrated by an elusive and as yet unidentified threat actor. Its strategic focus on abusing secure USB drives sets the operation apart. Government organizations commonly use these removable drives to store and transfer sensitive data securely, so similar infiltration techniques could affect government entities worldwide.

According to Kaspersky, TetrisPhantom deploys a range of malicious modules that give the attacker extensive control over the victim's device. This level of control enables the execution of commands, data extraction from compromised systems and transfer of the stolen information using the secure USB drives as discreet carriers. The attackers can also introduce further malicious files into the infiltrated systems.

"Our investigation reveals a high level of sophistication, including virtualization-based software obfuscation, low-level communication with the USB drive using direct SCSI commands and self-replication through connected, secure USBs," noted Noushin Shabab, senior security researcher at Kaspersky's Global Research and Analysis Team. "These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks."

To shield against these targeted attacks, Kaspersky researchers advocate a proactive approach. This includes maintaining up-to-date software, exercising caution with unsolicited requests for sensitive information, providing cybersecurity teams with the latest threat intelligence, enhancing team skills and implementing endpoint detection and response solutions. Kaspersky will provide additional information about the TetrisPhantom threat at the Security Analyst Summit scheduled for October 25-28.
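The self-replication behaviour described above (executables appearing on every secure USB drive that is plugged into an infected host) is the kind of activity an EDR or SIEM rule can watch for. The script below is an added illustration of that detection idea, not Kaspersky's tooling and not a TetrisPhantom signature: it takes Sysmon Event ID 11 (FileCreate) records reduced to dicts, a set of drive letters assumed to be removable (a real collector would query Win32_LogicalDisk DriveType == 2 rather than hard-code them), and flags executable-type files written to removable media plus any single process that writes to more than one removable drive. The event records, process names and drive letters are all constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed Sysmon Event ID 11 (FileCreate) records, reduced to the fields
# this check uses. In production these come from the Sysmon EVTX channel.
SAMPLE_EVENTS = [
    {"UtcTime": "2023-10-01 08:12:03.101",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "E:\\reports\\budget.docx"},
    {"UtcTime": "2023-10-01 08:12:09.440",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe",
     "TargetFilename": "E:\\update.exe"},
    {"UtcTime": "2023-10-01 08:14:51.007",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe",
     "TargetFilename": "F:\\update.exe"},
    {"UtcTime": "2023-10-01 08:15:00.000",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\Desktop\\notes.txt"},
]

# Assumed set of drive letters the host reports as removable. A real deployment
# would populate this from WMI (Win32_LogicalDisk, DriveType == 2) per host.
REMOVABLE_DRIVES = {"E:", "F:"}

# File types that should rarely be written to removable media by normal users;
# treat a create of any of these on a removable drive as worth reviewing.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".lnk", ".pif")


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    image: str   # writing process (Sysmon "Image")
    target: str  # file written, or the drive list for multi-drive writers


def drive_of(path: str) -> str:
    """Return the upper-cased drive letter ('E:') of a Windows path, or ''."""
    if len(path) >= 2 and path[1] == ":":
        return path[:2].upper()
    return ""


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_SUFFIXES)


def scan(events, removable=REMOVABLE_DRIVES):
    """Apply two heuristics to FileCreate events and return the findings.

    1. exec-on-removable: an executable-type file was created on a removable drive.
    2. multi-drive-writer: one process wrote to two or more distinct removable
       drives, which is what self-replication across inserted USB drives looks like.
    """
    findings = []
    drives_by_image = defaultdict(set)
    for ev in events:
        target = ev["TargetFilename"]
        drive = drive_of(target)
        if drive not in removable:
            continue  # writes to fixed disks are out of scope for this rule
        if is_executable(target):
            findings.append(Finding("exec-on-removable", ev["Image"], target))
        drives_by_image[ev["Image"]].add(drive)
    for image, drives in drives_by_image.items():
        if len(drives) > 1:
            findings.append(Finding("multi-drive-writer", image,
                                    ",".join(sorted(drives))))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:20} {f.image} -> {f.target}")
```

Both heuristics will fire on legitimate behaviour (an administrator copying an installer to two sticks), so in practice they belong in a triage queue rather than a blocking rule, and the removable-drive set must be refreshed per host because drive letters are reassigned on every insertion.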

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Persistent Espionage Campaign Targets APAC Governments

Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit | The Record from Recorded Future News - Last June, Kaspersky discovered another espionage campaign, dubbed Operation Triangulation, that exploited two vulnerabilities in Apple devices. Russian security researchers discovered sophisticated new malware used in an espionage campaign targeting ...
5 months ago Therecord.media CVE-2025-2783
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
8 years ago
North Korean APT Hackers Poison CI/CD Pipelines To Exfiltrate Sensitive Data - A sophisticated espionage campaign orchestrated by the North Korea-backed Lazarus Group has successfully infiltrated open source software ecosystems on an unprecedented scale, transforming trusted developer tools into weapons of cyber espionage. ...
1 month ago Cybersecuritynews.com Lazarus Group
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PsyOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
1 year ago Darkreading.com
Sophos: Cyber Security Professional Burnout Is Widespread, Creating Risk for APAC Organisations - Many cybersecurity professionals with burnout in APAC have suffered in silence for years. The Sophos report, The Future of Cybersecurity in Asia-Pacific and Japan, found burnout and fatigue are widespread, with nine out of 10 employees impacted on ...
1 year ago Techrepublic.com Silence
ShadowSilk Targets Central Asian Governments with Espionage Campaign - ShadowSilk, a sophisticated cyber espionage group, has been actively targeting Central Asian governments in a recent campaign aimed at gathering sensitive intelligence. This threat actor employs advanced malware and social engineering tactics to ...
6 days ago Infosecurity-magazine.com ShadowSilk
'ChamelGang' APT Disguises Espionage Activities With Ransomware - A likely China-backed advanced persistent threat group has been systematically using ransomware to disguise its relatively prolific cyber-espionage operations for the past three years, at least. The threat actor, who researchers at SentinelOne are ...
1 year ago Darkreading.com APT41
ClickFake Interview - Lazarus Hackers Exploit Windows & macOS Users Fake Job Campaign - The ClickFake Interview campaign builds upon the tactics of Contagious Interview, which targeted software developers via fake job interviews conducted on platforms like LinkedIn or X (formerly Twitter). The Lazarus Group, a North Korean ...
5 months ago Cybersecuritynews.com Lazarus Group
Gamaredon Hacker Group Using Weaponized LNK Files To Drop Remcos Backdoor on Windows - Cisco Talos researchers identified that this campaign has been active since at least November 2024, with evidence suggesting Gamaredon is specifically targeting Ukrainian government organizations, critical infrastructure, and entities affiliated with ...
5 months ago Cybersecuritynews.com
Iranian Phishing Campaign Targets Israel-Hamas War Experts - Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence. The threat actor Mint Sandstorm, which has ties to ...
1 year ago Infosecurity-magazine.com
Chinese APT Hackers Earth Krahang Exploits Government Exchange Servers - A new Advanced Persistent Threat campaign, dubbed Earth Krahang, has emerged with a focus on infiltrating government entities across the globe. This campaign, active since early 2022, has been linked to a China-nexus threat actor, previously ...
1 year ago Cybersecuritynews.com CVE-2023-32315 CVE-2022-21587 Earth Lusca
Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data - A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers has exposed vulnerabilities in the global cybersecurity infrastructure, targeting critical COVID-19 research from American universities and exploiting Microsoft Exchange ...
1 month ago Cybersecuritynews.com HAFNIUM
Allied spy agencies blame Chinese companies for Salt Typhoon cyber espionage campaign - Allied intelligence agencies have attributed the Salt Typhoon cyber espionage campaign to Chinese companies, highlighting a significant threat in the cybersecurity landscape. Salt Typhoon is a sophisticated cyber operation targeting various sectors ...
6 days ago Therecord.media Salt Typhoon
Chinese Tech Firms Hit by Salt Typhoon Cyber Espionage Campaign - A recent cyber espionage campaign named Salt Typhoon has been targeting Chinese technology firms, raising concerns about the increasing sophistication of state-sponsored cyber attacks. This campaign focuses on infiltrating high-profile tech companies ...
5 days ago Infosecurity-magazine.com Salt Typhoon
Russian FSB Cyber Espionage: Navigating the Threat Landscape - The field of cybersecurity is always changing, and recent developments have refocused attention on Russian hackers and their purported participation in an elaborate cyber-espionage scheme. Russian security chief agency Federal Security Service is ...
1 year ago Cysecurity.news
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
1 year ago Hackread.com
Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News - While the group is based in China, Microsoft previously said it is “unable to confidently assess the threat actor’s objectives.” The two other Chinese groups identified with the so-called “ToolShell” campaign — Linen Typhoon and Violet ...
1 month ago Therecord.media CVE-2025-49706
Ukrainian government, Belarusian opposition targeted in new espionage campaign | The Record from Recorded Future News - A suspected Belarusian state-backed hacking group is behind a cyber espionage campaign targeting opposition activists in the country, as well as Ukrainian military and government entities, according to a new report. “While Belarus doesn’t ...
6 months ago Therecord.media
Microsoft Unveils Storm-0501’s Sophisticated Espionage Campaign Targeting Asia - Microsoft has recently disclosed a sophisticated cyber espionage campaign named Storm-0501, primarily targeting organizations across Asia. This campaign is attributed to a threat actor group known for advanced persistent threats (APT). Storm-0501 ...
6 days ago Cybersecuritynews.com CVE-2023-23397 CVE-2023-28252 Storm-0501
China-linked Salt Typhoon targets Dutch telcos with espionage campaign - A recent cyber espionage campaign attributed to the China-linked threat group Salt Typhoon has been targeting Dutch telecommunications companies. This campaign involves sophisticated tactics aimed at infiltrating and extracting sensitive information ...
5 days ago Infosecurity-magazine.com Salt Typhoon
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
1 year ago Go.theregister.com Rocke
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs - Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and ...
1 year ago Microsoft.com