APT actors are continuously changing their tactics, sharpening their toolsets and developing new techniques. To help users and businesses keep up with these changes and stay informed about the potential threats they might face, Kaspersky’s Global Research and Analysis (GReAT) team provides quarterly reports about the most important developments across the advanced persistent threat landscape. The three-month APT trends report is created using Kaspersky’s private threat intelligence research and includes major developments and cyber-incidents that researchers believe everyone should be aware of.
In the second quarter of 2022, Kaspersky researchers discovered a new, highly active campaign which had started in March and targeted stock and cryptocurrency investors. This is unusual considering most APT actors do not pursue financial gain. The actor used cryptocurrency-related contents and complaints from law enforcement as themes to lure its victims. The infection chains involved remote template injection, spawning a malicious macro which starts a multi-stage infection procedure using Dropbox. After beaconing the victim’s host information, the malware then attempts to fetch the final stage payload.
Luckily, Kaspersky experts had a chance to acquire the final stage payload, consisting of several modules used for exfiltrating sensitive information from the victim. By analyzing this payload, Kaspersky researchers found additional samples that had been used a year ago during another campaign against entities in Mexico and UK.
Kaspersky experts do not see any precise connections to known threat actors, however they believe that they are familiar with the Korean language and have utilized a similar tactic previously used by the Konni group to steal the login credentials for a renowned Korean portal. The Konni group is a threat actor which has been active since mid-2021, mostly targeting Russian diplomatic entities.
“Over the course of several quarters, we have seen APT actors turn their attention to the cryptocurrency industry. Using various techniques, the actors seek not only information, but money as well. This is an unusual, but increasing, tendency for the APT landscape. In order to combat the threats, organizations need to gain visibility across the recent cyberthreat landscape. Threat intelligence is an essential component that enables reliable and timely anticipation of such attacks,” comments David Emm, principal security researcher at Kaspersky’s GReAT.
To read the full APT Q2 2022 trends report, please visit Securelist.com
In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.