The Kaspersky Cyber Threat Intelligence team analyzed around one hundred incidents that transpired across different regions worldwide, starting from 2022. The team utilized the Unified Kill Chain methodology to conduct a comprehensive study of the attackers' actions, basing their findings on the TTPs employed by the analyzed groups. Within the report, experts provide insights into five specific incidents that occurred in Russia and Belarus, Indonesia, Malaysia, Argentina, and Pakistan - each of which stands as a representation of the geo-distributed nature of the
In this extensive 370-page analytical report, the TTPs used by APT groups at each stage of the attack process are meticulously documented. Additionally, the report offers recommendations on combating such attacks, and includes Sigma rules that can be used to detect them.
To ensure it is globally accessible and can be understood by researchers and security specialists, this study leans heavily on internationally renowned threat analysis tools, practices, and methodologies, such as MITRE ATT&CK, F3EAD, David Bianco's Pyramid of Pain, Intelligence Driven Incident Response, and the Unified Cyber Kill Chain.
The research reveals that, despite numerous attacks, the range of techniques encountered remains limited, allowing researchers to delve more deeply into their analysis. Here are some of the key findings:
The systematization of various TTPs used by attackers has led to the development of a specific set of meticulously crafted Sigma rules, aiding security specialists in detecting potential attacks within their infrastructure.
“In the world of cybersecurity, knowledge is the key to resilience. Through this report, we aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats. We urge the entire cybersecurity community to join us in this knowledge-sharing mission for a stronger and more secure digital landscape,” comments Nikita Nazarov, Head of Threat Exploration at Kaspersky.
Kaspersky researchers continuously discover new tools, techniques, and campaigns launched by APT groups in cyberattacks around the world. The company’s experts monitor over 900 operations and groups, with 90% being related to espionage. They actively share their latest findings and exclusive insights through the Kaspersky Threat Intelligence Portal (TIP). Kaspersky TIP is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years.
The full report, titled Modern Asian APT groups: Tactics, Techniques and Procedures, is available on Securelist.com.