The third quarter of 2017 clearly demonstrated that Chinese-speaking actors have not “disappeared” and are still very much active, conducting cyber-espionage campaigns against a wide range of countries and industry verticals. In total, 10 of the 24 research projects on advanced targeted attacks conducted by Kaspersky Lab in Q3 centered around activities attributed to multiple actors in the Chinese region. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.
Research conducted during the period of July-September 2017 revealed a number of developments in the area of targeted attacks by, among others, Chinese-, Russian-, English-, and Korean-speaking threat actors. Chinese criminals were especially active during this period. Their revitalization has affected not only various organizations, but also government and political bodies as well as huge regional agreements – bringing international relations into the business of advanced targeted attacks.
Highlights in Q3, 2017 include:
Furthermore, in Q3 2017 Kaspersky Lab experts issued several reports on Russian-speaking actors. Most of them were dedicated to financial and ATM attacks; however, one report examined Sofacy’s summertime activity, indicating that the group remained active.
Speaking of English-speaking actors, the third quarter also produced yet another member of the Lamberts: Red Lambert. The Lamberts is a family of sophisticated attack tools that has been used by either one or multiple threat actors against high-profile victims since at least 2008. The Red Lambert is a network-driven backdoor, discovered during the previous analysis of Grey Lambert and utilized instead of hard-coded SSL certificates in command and control communications.
“The targeted threat landscape is evolving constantly, not only in terms of cybercriminals’ being increasingly well-prepared and technologically sophisticated, but also in terms of geography. The rise of Chinese-speaking actors once again demonstrates the importance of investing in threat intelligence and arming organizations with insight on the latest trends and developments,” said Brian Bartholomew, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
The Q3 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the third quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 24 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
For more information, please contact: intelreports@kaspersky.com