Many Advanced Persistent Threat (APT) groups receive guidance and support from established nation-states. Unlike most threat actors, APT attackers chase their goals for months or even years with a clear objective in mind.
Blessed by countries
- State-sponsored APT groups are organizations that attack a country’s information assets of national-security or economic importance by means of cyberespionage or cyber sabotage.
- While China and Russia stand atop the list of nations linked to the most sophisticated state-sponsored hacking groups, the number of government-linked cyberespionage campaigns from other countries has started to burgeon in recent years.
APTs out and about
- According to Kaspersky researchers, the China-based APT group CactusPete is targeting military and financial organizations in Eastern Europe with a new attack campaign. The group is employing a new variant of the Bisonal backdoor to steal information, move laterally inside a network, and execute code on target machines.
- Recently, Group-IB uncovered a Russian-speaking hacking group, RedCurl, which has conducted 26 corporate espionage attacks since 2018 in attempts to steal confidential corporate information from victims in the finance, construction, law, retail, and other sectors.
- At Black Hat USA, researchers outlined the "Operation Skeleton Key" attacks performed by a Chinese APT group, Chimera, against numerous Taiwanese semiconductor vendors. The hackers are known to abuse Cobalt Strike, a penetration testing tool, and a custom skeleton key built by modifying the code of Dumpert and Mimikatz.
- As per a security alert sent by the FBI a week ago, Fox Kitten (aka Parisite), a group of Iranian government-backed hackers, has been detected attacking the private and government sectors in the U.S. The threat actors operate by targeting high-end, high-priced network equipment using exploits for newly disclosed vulnerabilities.
The crucial role of global vigilance
From a global standpoint, visibility into these APT groups is getting better, which is good news. Thanks to coordinated data-sharing operations worldwide, countries and businesses are aware of the rising APT activity and are taking it seriously. The information security community has started collaborating and sharing observed Tactics, Techniques, and Procedures (TTPs). This cooperation is needed to counter the growing threats.