Kaspersky's latest Advanced Persistent Threats (APTs) trends report reveals bustling APT activity in the first quarter of 2023, with a mix of new and established actors spotted engaging in a range of campaigns. The report shows that, during this time, APT actors have been busy updating their toolsets and expanding their attack vectors both in terms of geographical location and target industries.
During the first three months of this year, Kaspersky researchers have uncovered new tools, techniques and campaigns launched by APT groups in cyberattacks around the world. The APT trends report is derived from Kaspersky’s private threat intelligence research and major developments, plus cyber incidents that researchers believe everyone should be aware of. The report highlighted several trends, including:
New techniques and updated tools
APT actors have been continuously looking for new ways to perform their attacks in order to avoid detection and achieve their goals. In Q1 2023, Kaspersky researchers have seen that established threat actors such as Turla, MuddyWater, Winnti, Lazarus, and ScarCruft - which have been in the APT arena for many years - are not standing still and continue to develop their toolsets. For instance, Turla has been spotted using TunnusSched backdoor, a relatively unusual tool for this group, which Tomiris has been known to employ. This demonstrates how established APT actors are adapting and evolving their tactics to stay ahead of the game.
There have also been campaigns from newly discovered threat actors such as Trila targeting Lebanese governmental entities.
More industries becoming an interest subject for APT actors
APT actors continue to expand beyond their traditional victims, such as state institutions and high-profile targets, to include aviation, energy, manufacturing, real estate, finance, telecoms, scientific research, IT, and gaming sectors. Such companies possess substantial amounts of data that serve strategic requirements related to national priorities, or create additional accesses and vectors to facilitate future campaigns.
Geographical expansion
Kaspersky experts have also witnessed advanced actors performing attacks with a focus on Europe, the US, the Middle East, and various parts of Asia. While most actors previously targeted victims in specific countries, more and more APTs are now targeting victims globally. For instance, MuddyWater, an actor that previously showed a preference for targeting Middle Eastern and North African entities, has expanded its malicious activity to organizations in Azerbaijan, Armenia, Malaysia, and Canada, in addition to its previous targets in Saudi Arabia, Turkey, UAE, Egypt, Jordan, Bahrain, and Kuwait.
“While we have been tracking the same APT actors for decades, it’s clear they are continually evolving with new techniques and toolsets. Additionally, the emergence of newly developed threat actors means the APT landscape is rapidly changing, especially in these turbulent times. Organizations must remain vigilant and ensure they are equipped with threat intelligence and the appropriate tools to defend against existing and emerging threats. By sharing our insights and findings, we aim to empower cybersecurity professionals to be prepared against high-profile threats,” comments David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
To read the full APT Q1 2023 trends report, please visit Securelist.
In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
- Update Microsoft Windows OS and other third-party software as soon as possible and do so regularly
- Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
- For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
- In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
- As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.