This year, several notorious threat groups are on a cyberespionage binge. This trend shows no signs of slowing down even during the ongoing pandemic.
DeathStalker APT was found launching cyberespionage campaigns against targets spread across Europe and Latin America. The malware toolchains used by the group include Janicub, Evilnum, and Powersing. Evilnum was spotted to be spying on the targeted firms and their customers.
What does this imply?
The group chooses its victims based on the latter’s perceived value or customer base. Moreover, they have been identified targeting diplomatic entities as well. However, any organization operating in the financial sector is more likely to garner the attention of DeathStalker.
Recent cyberespionage attacks
- The Transparent Tribe APT group was found deploying a novel mobile malware tool in its cyberespionage campaigns. The threat actors have been primarily targeting Android users with spyware impersonating popular apps.
- In another cyberespionage campaign, an international architecture firm was targeted. The attackers exploited a vulnerability in the Autodesk software to infiltrate the targeted network.
- The NSA and the FBI issued an advisory detailing the deployment of the Drovorub malware by APT28, popularly known as Fancy Bear. This malware has been designed to target Linux systems as part of the threat actor’s cyberespionage campaigns.
- A mix of smaller attacks is anticipated to be more profitable for threat actors as they can evade detection for longer periods.
- One of the goals of nation-sponsored threat actors is to achieve the transfer of technology.
The bottom line
The primary way to evade cyber threats is to keep security vulnerabilities patched and develop an effective threat response capability. To fend off more advanced threats, organizations need to stay ahead of the adversaries by collecting and operationalizing the relevant threat intelligence related to such sophisticated threat groups.