Kaspersky's Global Research and Analysis Team (GReAT) has released its quarterly summary of advanced persistent threat (APT) activity for Q3 2024.
Kaspersky first discovered the P8 framework in the second half of 2022; in 2023 it observed further attacks conducted with a new set of malicious tools called Spectral Viper.
The Awaken Likho APT campaign first emerged in July 2021, targeting government organizations and contractors. The group has adjusted its tactics twice in 2024.
Epeius is a commercial spyware tool developed by an Italian company and used by law enforcement agencies. Last year Kaspersky discovered and analyzed a DEX file attributed to the Epeius malware.
MuddyWater continues to rely on PowerShell execution in its attacks. Kaspersky recently uncovered the implants used in its intrusions, which are still active and span numerous government and telecommunications entities in Egypt, the UAE and other countries.
The Kimsuky group uses the ServiceChanger malware in its attacks and creates backdoor accounts, named 'Guest' and 'IIS_USER', for RDP access, borrowing code from UACME.
Dragon Breath primarily targets the online gaming and gambling industries. Given the nature of the infection vector, Kaspersky cannot yet determine the intended target audience of the recent attacks.
PhantomNet has changed its persistence mechanism: the payload is now stored encrypted in the Windows registry, and an associated loader retrieves it from the registry at runtime.
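The account pattern described above (a local account created or enabled and then granted RDP access) is straightforward to hunt for in Windows Security logs. The following is an added example, not code from the Kaspersky report or from the Kimsuky tooling: it correlates constructed, simplified JSON-lines exports of events 4720 (account created), 4722 (account enabled) and 4732 (member added to a local group) and flags group additions that follow provisioning within a short window or that involve the account names the report mentions. The sample events, the 30-minute window and the flattened field names are assumptions for the demo, not the exact EVTX schema.

```python
"""Correlate Windows Security events to spot RDP backdoor accounts.

Added example, not code from the Kaspersky report or the Kimsuky tooling.
It reads a simplified JSON-lines export of Security events and flags accounts
that are created (4720) or enabled (4722) and then added (4732) to a local
group that grants Remote Desktop logon within a short window, plus any member
whose name is on a watchlist. The field names are an assumed, flattened
export shape, not the exact EVTX schema.
"""
import json
from datetime import datetime, timedelta

# Local groups whose members can log on over RDP (Administrators can by default).
RDP_GROUPS = {"Remote Desktop Users", "Administrators"}
# Account names the report associates with Kimsuky's backdoor accounts.
WATCHLIST = {"guest", "iis_user"}
# Provisioning followed by a group add within this window is one operator action.
WINDOW = timedelta(minutes=30)

# Constructed sample events (not real telemetry). jsmith is a benign control:
# created in the morning and granted RDP hours later by a different workflow.
SAMPLE_EVENTS = """
{"EventID": 4720, "TimeCreated": "2024-09-10T08:01:00", "TargetUserName": "IIS_USER", "SubjectUserName": "svc-deploy"}
{"EventID": 4732, "TimeCreated": "2024-09-10T08:02:10", "MemberName": "IIS_USER", "TargetUserName": "Remote Desktop Users", "SubjectUserName": "svc-deploy"}
{"EventID": 4722, "TimeCreated": "2024-09-10T08:05:00", "TargetUserName": "Guest", "SubjectUserName": "svc-deploy"}
{"EventID": 4732, "TimeCreated": "2024-09-10T08:06:30", "MemberName": "Guest", "TargetUserName": "Administrators", "SubjectUserName": "svc-deploy"}
{"EventID": 4720, "TimeCreated": "2024-09-10T09:00:00", "TargetUserName": "jsmith", "SubjectUserName": "helpdesk"}
{"EventID": 4732, "TimeCreated": "2024-09-10T15:00:00", "MemberName": "jsmith", "TargetUserName": "Remote Desktop Users", "SubjectUserName": "helpdesk"}
{"EventID": 4732, "TimeCreated": "2024-09-10T16:00:00", "MemberName": "backup-op", "TargetUserName": "Backup Operators", "SubjectUserName": "helpdesk"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime TimeCreated, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["TimeCreated"] = datetime.fromisoformat(e["TimeCreated"])
        events.append(e)
    return sorted(events, key=lambda e: e["TimeCreated"])


def find_rdp_backdoor_accounts(text):
    """Return findings for group additions that look like backdoor RDP access."""
    provisioned = {}   # lowercase account name -> time of its last 4720/4722
    findings = []
    for e in parse_events(text):
        if e["EventID"] in (4720, 4722):
            provisioned[e["TargetUserName"].lower()] = e["TimeCreated"]
            continue
        # In 4732 the group is TargetUserName and the new member is MemberName.
        if e["EventID"] != 4732 or e["TargetUserName"] not in RDP_GROUPS:
            continue
        member = e["MemberName"]
        reasons = []
        if member.lower() in WATCHLIST:
            reasons.append("watchlist name")
        t0 = provisioned.get(member.lower())
        if t0 is not None and e["TimeCreated"] - t0 <= WINDOW:
            delta = int((e["TimeCreated"] - t0).total_seconds())
            reasons.append(f"provisioned {delta}s before RDP group add")
        if reasons:
            findings.append({"account": member, "group": e["TargetUserName"],
                             "by": e["SubjectUserName"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_rdp_backdoor_accounts(SAMPLE_EVENTS):
        print(finding)
```

On the sample input the rule reports IIS_USER and Guest (both on the watchlist and both granted RDP-capable group membership within about a minute of being provisioned) and stays silent on jsmith, whose group add came hours after creation. In production the same logic runs over a real export, with the watchlist extended to whatever names are anomalous for the environment.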
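A payload parked encrypted in the registry leaves a recognizable trace: a large REG_BINARY value whose bytes are close to uniformly distributed. The following is an added example, not code from the Kaspersky report or from the PhantomNet loader: it parses a regedit-style .reg export, recovers every "hex:" value (including the backslash-continued lines regedit emits) and flags blobs that are both large and high-entropy. The export itself is constructed for the demo, with a hypothetical key path and value names and a SHA-256-derived byte stream standing in for an encrypted payload.

```python
"""Hunt for encrypted payload blobs in a Windows registry export.

Added example, not code from the Kaspersky report or the PhantomNet sample.
It parses a .reg export, collects REG_BINARY ("hex:") values and flags the
ones large enough to hold a payload whose Shannon entropy is near the
8 bits/byte an encrypted or compressed blob shows. The key path, value names
and blob contents below are constructed for the demo.
"""
import hashlib
import math
import re


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 maximum."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _pseudo_random(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy bytes that stand in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def to_reg_hex(blob: bytes, width: int = 25) -> str:
    """Format bytes the way regedit exports REG_BINARY: comma-separated hex,
    wrapped with a trailing backslash and a two-space indent on continuation lines."""
    hexbytes = [f"{b:02x}" for b in blob]
    chunks = [",".join(hexbytes[i:i + width]) for i in range(0, len(hexbytes), width)]
    return "hex:" + ",\\\n  ".join(chunks)


# Constructed sample export: "Icon" is a low-entropy binary value, "Payload"
# simulates an encrypted payload, "Run" is a string value and is ignored.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Settings]",
    '"Run"="C:\\\\Windows\\\\System32\\\\rundll32.exe"',
    '"Icon"=' + to_reg_hex(bytes(range(16)) * 4 + b"\x00" * 1200),
    '"Payload"=' + to_reg_hex(_pseudo_random(4096)),
    "",
])


def parse_reg_binary_values(reg_text: str) -> dict:
    """Return {(key_path, value_name): bytes} for every "hex:" value in the export.

    Joins regedit's continuation lines (trailing backslash, indented next line).
    Other value types (strings, dwords, typed hex(n) values) are skipped.
    """
    values, key = {}, None
    lines = reg_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=hex:(.*)$', line)
        if not m or key is None:
            continue
        name, hexpart = m.group(1).replace('\\"', '"').replace("\\\\", "\\"), m.group(2)
        while hexpart.endswith("\\") and i < len(lines):
            hexpart = hexpart[:-1] + lines[i].strip()
            i += 1
        hexclean = hexpart.replace(",", "").replace(" ", "")
        values[(key, name)] = bytes.fromhex(hexclean) if hexclean else b""
    return values


def find_suspicious_blobs(reg_text: str, min_size: int = 1024, min_entropy: float = 7.0) -> list:
    """Flag binary values big enough to hold a payload and dense enough to be encrypted."""
    hits = []
    for (key, name), blob in parse_reg_binary_values(reg_text).items():
        ent = shannon_entropy(blob)
        if len(blob) >= min_size and ent >= min_entropy:
            hits.append({"key": key, "name": name, "size": len(blob), "entropy": round(ent, 2)})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_blobs(SAMPLE_REG):
        print(hit)
```

The size floor keeps small, legitimately random values (GUIDs, cached keys, hashes) out of the results; the entropy floor separates a ciphertext or packed blob from icons, settings and other structured binary data. On a live host the same check runs over an export of the hives or keys of interest, and any hit is then paired with a search for the loader that reads it.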
Kaspersky also discovered new malware via an investigation into a cyberattack on the Brazilian education and government sectors that occurred in April.
Threat actors have broadened their targeting, in terms of both verticals and geography this quarter.