Increasing cyber attacks

ESET researchers are observing a growing number of attacks by APT (Advanced Persistent Threat) groups aligned with China, North Korea and Russia against EU member states and organizations based in those countries. Using fake job offers purportedly from the aerospace company Boeing, the Lazarus Group attempted to steal credentials from employees of a Polish defense company. Ke3chang and Mustang Panda, two China-aligned actors, have also attacked European companies. In the context of the war in Ukraine, Russia-aligned APT groups remain highly active and are increasingly relying on wiper malware. In their latest APT Activity Report, the ESET researchers also cover global developments. The report is available online at WeLiveSecurity.

“The insights from these analyses and observations are an important building block in ESET technologies and contribute to their continuous improvement,” says Jean-Ian Boutin, Director of ESET Threat Research.

APT groups operate globally

The China-aligned group Ke3chang relied on new techniques, including a new variant of its Ketrican malware, and Mustang Panda deployed two new backdoors. The APT group MirrorFace targeted Japan and used new methods to spread its malware. In Operation ChattyGoblin, a China-aligned actor targeted a support agent of a gaming company in the Philippines in an attempt to compromise the company. The India-aligned groups SideWinder and Donot Team continued to target government institutions in South Asia; SideWinder also targeted the education sector in China, while Donot Team further developed its infamous yty framework but also used the commercially available Remcos RAT.

Lazarus Group attacks European arms company

The North Korea-aligned Lazarus Group targeted employees of a Polish defense company with a fake Boeing job offer. The group used the same approach in India, where it approached a data management company with an Accenture-themed lure. ESET also identified Linux malware used in one of these campaigns. Similarities between this newly discovered malware and the tooling used in the 3CX supply-chain attack support the theory that the same North Korea-aligned group is behind the latter.

Russian APT groups are active in the EU and Ukraine

Russia-aligned APT groups were primarily active in Ukraine and in EU countries. Sandworm used wipers, including a new one that ESET has named SwiftSlicer. Gamaredon, Sednit and the Dukes relied on spearphishing emails; in the case of the Dukes, this resulted in the deployment of Brute Ratel, a commercial red-team implant. ESET also discovered that the Zimbra email platform was being exploited by Winter Vivern, a group primarily active in Europe. Finally, the researchers observed a significant decline in activity from SturgeonPhisher, a group that targets government employees in Central Asian countries with spearphishing emails, which leads them to believe the group is currently retooling.

Further technical information can be found in the “ESET APT Activity Report” on WeLiveSecurity.

Source: Press portal


Notes:
1) This content reflects the state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created with machine assistance and were carefully checked by the Mimikama editorial team before publication.