During the first three months of the year, Kaspersky Lab researchers discovered a wave of new APT activity based mainly in Asia – more than 30% of Q1 reports were dedicated to threat operations in this region. A peak of activity was also observed in the Middle East with a number of new techniques used by actors. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.
In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by advanced persistent threat (APT) groups speaking languages including Russian, Chinese, English and Korean, among others. And while some well-known actors didn’t show any noteworthy activity, a rising number of APT operations and new threat actors were detected in the Asian region. This rise is explained in part by the Olympic Destroyer malware attack on the Pyeongchang Olympic Games.
Kaspersky Lab also detected a peak of threat activity in the Middle East. For example, the StrongPity APT launched a number of new Man-in-the-Middle (MiTM) attacks on internet service provider (ISP) networks. Another highly skilled cybercriminal group, the Desert Falcons, returned to target Android devices with malware previously used in 2014.
Also, in Q1, Kaspersky Lab researchers discovered several groups routinely targeting routers and networking hardware in their campaigns, an approach adopted years ago by actors such as Regin and CloudAtlas. According to experts, routers will continue to be a target for attackers as a way of getting a foothold in a victim’s infrastructure.
“During the first three months of the year we saw a number of new threat groups of different levels of sophistication, but which, overall, were using the most common and available malware tools. At the same time, we observed no significant activity from some well-known actors. This leads us to believe that they are rethinking their strategies and reorganizing their teams for future attacks,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab GReAT team.
The newly published Q1 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the first quarter of 2018, Kaspersky Lab’s Global Research and Analysis Team created 27 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.