Signature Techniques of Asian APT Groups Revealed

The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures employed by Asian Advanced Persistent Threat groups. The 370-page report, Modern Asian APT groups: Tactics, Techniques and Procedures, published today, is based on an examination of around one hundred cybersecurity incidents that unfolded across different regions globally, commencing in 2022. The report documents the TTPs used by APT groups at various stages of the cyber-attack process and offers essential recommendations to combat these threats. One of the key findings of the research is that Asian APTs exhibit no regional bias in target selection, indicating their capability to employ consistent tactics worldwide. These attackers are proficient in combining techniques, particularly the "Create or Modify System Process: Windows technique Service T1543.003" and "Hijack Execution Flow: DLL Side-Loading T1574.002," allowing them to escalate privileges and evade detection. The primary focus of these Asian APT groups is cyber-espionage, with a strong emphasis on gathering sensitive information and funneling it to legitimate cloud services or external channels. The report also highlights rare instances where these groups deviate from this pattern, such as by employing ransomware in their attacks. The industries most frequently targeted by these APT groups include government, industrial, healthcare, IT, agriculture and energy sectors. Kaspersky said the analysis of the TTPs employed by these attackers has led to the creation of specific SIGMA rules. "In the world of cybersecurity, knowledge is the key to resilience," commented Nikita Nazarov, head of threat exploration at Kaspersky. "Through this report, we aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats. We urge the entire cybersecurity community to join us in this knowledge-sharing mission for a stronger and more secure digital landscape."

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Signature Techniques of Asian APT Groups Revealed

Signature Techniques of Asian APT Groups Revealed - The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures employed by Asian Advanced Persistent Threat groups. The 370-page report, Modern Asian APT groups: Tactics, Techniques and ...
11 months ago Infosecurity-magazine.com
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
11 months ago Techtarget.com
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
10 months ago Techtarget.com
ESET APT Activity Report T3 2022 - ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, ...
1 year ago Welivesecurity.com
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
1 year ago Securityweek.com
6 Ransomware Trends & Evolutions For 2023 - More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. ...
1 year ago Trendmicro.com
Ransomware in 2024: Anticipated impact, targets, and landscape shift - As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. Here is what we can expect the ransomware landscape to look like in 2024. In 2024, we'll see more ...
11 months ago Helpnetsecurity.com
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
10 months ago Securityboulevard.com
Harmony Horizon Bridge and Lazarus APT Activities Revealed - SecurityAffairs recently shed light on a report by FireEye security researchers about the activities of the Harmony Horizon Bridge and Lazarus APTs. The report includes a new variant of the Bridge malware named “Ovorum”, as well as the TVShow ...
1 year ago Securityaffairs.com
Purple teaming and the role of threat categorization - Red team assessment, penetration testing, and even purple team assessments are all designed to answer these questions. As attacks get more complex, these assessments struggle to provide comprehensive answers. These assessment services typically test ...
10 months ago Helpnetsecurity.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
2 years ago
Ukraine Military Targeted With Russian APT PowerShell Attack - A sophisticated Russian advanced persistent threat has launched a targeted PowerShell attack campaign against the Ukrainian military. The attack is most likely perpetrated by malicious threat actors related to Shuckworm, a group with a history of ...
9 months ago Darkreading.com
Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
11 months ago Helpnetsecurity.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
11 months ago Blog.checkpoint.com
Google Groups is ending support for Usenet to combat spam - Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. The upcoming changes will take effect from February 22, 2024, ...
10 months ago Bleepingcomputer.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 month ago Securityaffairs.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
5 months ago Securityaffairs.com
SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
1 month ago Securelist.com
Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs - Russia-sponsored advanced persistent threat group Turla is now targeting Polish NGOs in a cyberespionage campaign that uses a freshly developed backdoor with modular capabilities, signaling an expansion of the scope of its attacks against supporters ...
9 months ago Darkreading.com
TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
11 months ago Gbhackers.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
11 months ago Bleepingcomputer.com
CVE-2023-46139 - KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on ...
1 year ago
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
10 months ago Go.theregister.com
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
10 months ago Theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)