Persistent Espionage Campaign Targets APAC Governments

Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed "TetrisPhantom." The persistent operation has specifically targeted government institutions in the Asia-Pacific region, utilizing a unique method involving secure USB drives for data infiltration. Kaspersky's findings are part of their latest quarterly APT threat landscape report. The clandestine campaign, which first came to light in early 2023, is orchestrated by an elusive and unidentified threat actor. Its strategic focus on exploiting secure USB drives sets this operation apart. Government organizations commonly use these removable drives to securely store and transfer sensitive data, implying that similar infiltration techniques could affect government entities worldwide. According to Kaspersky, TetrisPhantom deploys a range of malicious modules that allow the attacker to gain extensive control over their victim's device. This level of control enables the execution of commands, data extraction from compromised systems and transfer of pilfered information using secure USB drives as discreet carriers. The attackers can introduce other malicious files into the infiltrated systems. "Our investigation reveals a high level of sophistication, including virtualization-based software obfuscation, low-level communication with the USB drive using direct SCSI commands and self-replication through connected, secure USBs," noted Noushin Shabab, senior security researcher at Kaspersky's Global Research and Analysis Team. "These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks." To shield against these targeted attacks, Kaspersky researchers advocate a proactive approach. This includes maintaining up-to-date software, exercising caution with unsolicited requests for sensitive information, providing cybersecurity teams with the latest threat intelligence, enhancing team skills and implementing endpoint detection and response solutions. Kaspersky will provide additional information about the TetrisPhantom threat at the Security Analyst Summit scheduled for October 25-28..

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Persistent Espionage Campaign Targets APAC Governments

CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
Persistent Espionage Campaign Targets APAC Governments - Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed "TetrisPhantom." The persistent operation has specifically targeted government institutions in the Asia-Pacific region, utilizing a unique ...
1 year ago Infosecurity-magazine.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
10 months ago Darkreading.com
'ChamelGang' APT Disguises Espionage Activities With Ransomware - A likely China-backed advanced persistent threat group has been systematically using ransomware to disguise its relatively prolific cyber-espionage operations for the past three years, at least. The threat actor, who researchers at SentinelOne are ...
6 months ago Darkreading.com
Iranian Phishing Campaign Targets Israel-Hamas War Experts - Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence. The threat actor Mint Sandstorm, which has ties to ...
1 year ago Infosecurity-magazine.com
Chinese APT Hackers Earth Krahang Exploits Government Exchange Servers - A new Advanced Persistent Threat campaign, dubbed Earth Krahang, has emerged with a focus on infiltrating government entities across the globe. This campaign, active since early 2022, has been linked to a China-nexus threat actor, previously ...
10 months ago Cybersecuritynews.com
Sophos: Cyber Security Professional Burnout Is Widespread, Creating Risk for APAC Organisations - Many cybersecurity professionals with burnout in APAC have suffered in silence for years. The Sophos report, The Future of Cybersecurity in Asia-Pacific and Japan, found burnout and fatigue are widespread, with nine out of 10 employees impacted on ...
10 months ago Techrepublic.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
1 year ago Hackread.com
Russian FSB Cyber Espionage: Navigating the Threat Landscape - The field of cybersecurity is always changing, and recent developments have refocused attention on Russian hackers and their purported participation in an elaborate cyber-espionage scheme. Russian security chief agency Federal Security Service is ...
1 year ago Cysecurity.news
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs - Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and ...
1 year ago Microsoft.com
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus - An advanced persistent threat group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. Over that period, the Spanish-speaking ...
8 months ago Darkreading.com
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus - An advanced persistent threat group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. Over that period, the Spanish-speaking ...
8 months ago Darkreading.com
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
1 year ago Go.theregister.com
From Social Engineering to DMARC Abuse: TA427's Art of Information Gathering - Key takeaways  TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the North Korean regime. In addition to using specially ...
9 months ago Proofpoint.com
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts - Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. ...
1 year ago Thehackernews.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
1 year ago Darkreading.com
In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities - You have a preview view of this article while we are checking your access. When we have confirmed access, the full article content will load. A monthslong hacking campaign targeted the governments of regional rivals, including Israel, and marked a ...
1 year ago Nytimes.com
Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks - The hacker group known as Cloud Atlas targeted a Russian agro-industrial enterprise and a state-owned research company in a new espionage campaign, researchers have found. Cloud Atlas is a state-backed threat actor, active since at least 2014, that ...
1 year ago Therecord.media
New Campaign Targets Middle East Governments with IronWind Malware - Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a ...
1 year ago Thehackernews.com
New TetrisPhantom hackers steal data from secure USB drives on govt systems - A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. Secure USB drives store files in an encrypted part of the device and are used to safely ...
1 year ago Bleepingcomputer.com
Scarred Manticore Targets Middle East With Advanced Malware - An ongoing Iranian espionage campaign led by Scarred Manticore, an actor associated with the Ministry of Intelligence and Security, has been observed targeting high-profile organizations in the Middle East, particularly in the government, military ...
1 year ago Infosecurity-magazine.com
iSoon's Secret APT Status Exposes China's Foreign Hacking Machination - A trove of leaked documents has revealed the Chinese government works with private sector hackers to spy on foreign governments and companies, domestic dissidents, ethnic minorities, and more. On Feb. 16, an anonymous individual with unknown motives ...
10 months ago Darkreading.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)