August 15, 2024: In the second quarter of 2024, Kaspersky’s Global Research and Analysis Team (GReAT) observed that, while some threat actors maintained their usual patterns, others have significantly updated their tools and broadened the scope of their activities. According to the company’s telemetry, there has been a surge in sophisticated cyberespionage campaigns targeting various sectors, with government, military, telecommunications, and judicial systems facing the highest number of threats worldwide. Here are the key highlights from the latest APT trend report:
- Exploitation of open-source threats. One major development this quarter was the backdooring of XZ, an open-source compression utility widely used in popular Linux distributions. The attackers employed social engineering techniques to gain persistent access to the software development environment. Kaspersky’s GReAT uncovered several details explaining why this threat remained undetected for years. One key factor was that the attackers implemented an anti-replay feature to prevent the capture or hijacking of backdoor communications. Additionally, they used a custom steganography technique within the x86 code to conceal the public key required for decrypting the backdoor.
- Hacktivist attacks. Hacktivist activity has been a significant aspect of the threat landscape this quarter. While geopolitics often drives malicious actions, not all notable attacks in Q2 were linked to active conflict zones. A prime example is the Homeland Justice group’s attacks on entities in Albania. The attackers managed to exfiltrate over 100 TB of data, disrupt official websites and email services, and wipe database servers and backups, causing extensive damage to the targeted organizations.
- Toolset updates. Kaspersky’s GReAT highlights that attackers took time to update their toolsets. In early 2023, the threat actor GOFFEE was discovered when it began using a modified version of Owawa, a monitored malicious IIS module. Since then, GOFFEE has stopped using both Owawa and the PowerShell-based RCE implant VisualTaskel. However, it has continued its intrusions by leveraging PowerTaskel, its earlier HTA-based infection chain. Additionally, GOFFEE has expanded its toolkit by introducing a new loader, disguised as a legitimate document and distributed via email, further enhancing its ability to infiltrate targets.
- Geographical spread. No single region stood out as a hotbed for APT attacks this quarter. Instead, activity was widespread, affecting all regions. This quarter, APT campaigns targeted Europe, the Americas, Asia, the Middle East, and Africa, highlighting the global reach and impact of these threats.
‘APTs continuously evolve, adapting their tactics and expanding their reach, making them a relentless force in the cyber landscape. To combat these ever-changing threats, it’s crucial that the cyber community unites, sharing information and collaborating across borders. Only through collective vigilance and open communication can we stay one step ahead and safeguard our digital world,’ comments David Emm, Principal Security Researcher at Kaspersky’s GReAT.
More exclusive research on the most complex threats will be unveiled at the upcoming Security Analyst Summit (SAS), set to take place for the sixteenth time from October 22-25, 2024, in Bali.
To learn more about the APT threat landscape in Q2 2024, visit Securelist.com.
Kaspersky’s GReAT actively shares their latest findings and exclusive insights through the Kaspersky Threat Intelligence Portal (TIP).
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a property of Mercadeo Multiventures Pvt Ltd.