
APT: Criminals used hijacking and fake leaks

28 August 2019

"The APTs, advanced persistent threats, detected in the second quarter of 2019 have targeted or originated in countries and regions such as the Middle East and South Korea. Most of the attacks have focused on cyber-espionage activities or activities aimed at obtaining an economic profit. At least one of the campaigns detected was, however, intended to spread false news.


In May, researchers analyzed a leak resulting from an apparent cyber espionage activity perpetrated by an Iranian entity and concluded that the criminal group behind the attack was Hades, a group also linked to ExPetr and the cyber attack targeting the 2018 Winter Olympic Games.


In the second quarter of 2019, researchers observed some interesting activities in the Middle East by well-known Persian-speaking cybercriminals such as OilRig and MuddyWater. Among these activities, researchers detected the online leakage of information relating to assets such as code, infrastructure, details on the group and the alleged victims. The leaks came from different sources but were spread within a few weeks of each other. The third online leak, which released information relating to an entity called the "RANA institute", was published in Persian on a website called "Hidden Reality". The analysis carried out by the Kaspersky researchers on the materials, infrastructure and the dedicated website that was used led to the conclusion that this leak could be linked to the Hades criminal group. Hades is the same criminal group behind the OlympicDestroyer incident that targeted the 2018 Olympic Winter Games, as well as the ExPetr worm and various disinformation campaigns such as the leak of emails related to Emmanuel Macron's presidential election campaign in France in 2017.


Other highlights from the APT trends report found in Q2 2019:

Russian-speaking criminal groups continue to refine and release new tools constantly and launch new operations. For example, since March, Zebrocy appears to have turned its attention to the events, officials, diplomats and military of Pakistan and India, as well as maintaining continuous access to local and remote Central Asian government networks. Turla's attacks continued to present a rapidly evolving toolset and, in one significant case, the apparent hijacking of infrastructure belonging to OilRig.

Activity related to Korea continued to be strong, while the rest of South East Asia had less of this type of activity than in previous quarters. Among the operations to be reported are an attack by the Lazarus group targeting a mobile gaming company in South Korea and a campaign by BlueNoroff, a Lazarus subgroup, which instead targeted a bank located in Bangladesh and crypto-currency software.


The researchers also observed an active campaign targeting Central Asian government agencies perpetrated by the Chinese APT group SixLittleMonkeys, using a new version of the Microcin Trojan and a RAT (named HawkEye).


The second quarter of 2019 shows how confusing and unclear the threat landscape has become and how often things look different from reality. Among other things, we got to observe one threat actor hijacking a smaller group's infrastructure and detected another group exploiting a variety of online leaks to spread disinformation and undermine the credibility of the assets exposed. Those involved in security must not be fooled and must be able to reconstruct the facts and produce the true threat intelligence on which cybersecurity is based. As always, it is important to point out that the visibility we can have is not complete and there are activities that we have not yet detected or have not yet fully understood - so protection against known and unknown threats remains vital for everyone."
