Signature Techniques of Asian APT Groups Revealed

The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures (TTPs) employed by Asian Advanced Persistent Threat (APT) groups. The 370-page report, Modern Asian APT groups: Tactics, Techniques and Procedures, published today, is based on an examination of around one hundred cybersecurity incidents that unfolded across different regions globally, commencing in 2022. The report documents the TTPs used by APT groups at various stages of the cyber-attack process and offers essential recommendations to combat these threats.

One of the key findings of the research is that Asian APTs exhibit no regional bias in target selection, indicating their capability to employ consistent tactics worldwide. These attackers are proficient in combining techniques, particularly "Create or Modify System Process: Windows Service (T1543.003)" and "Hijack Execution Flow: DLL Side-Loading (T1574.002)," allowing them to escalate privileges and evade detection.

The primary focus of these Asian APT groups is cyber-espionage, with a strong emphasis on gathering sensitive information and funneling it to legitimate cloud services or external channels. The report also highlights rare instances where these groups deviate from this pattern, such as by employing ransomware in their attacks. The industries most frequently targeted by these APT groups include the government, industrial, healthcare, IT, agriculture and energy sectors.

Kaspersky said the analysis of the TTPs employed by these attackers has led to the creation of specific SIGMA rules.

"In the world of cybersecurity, knowledge is the key to resilience," commented Nikita Nazarov, head of threat exploration at Kaspersky. "Through this report, we aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats. We urge the entire cybersecurity community to join us in this knowledge-sharing mission for a stronger and more secure digital landscape."

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000
