The Show Must Go On for State-Sponsored APT Groups

Group-IB has identified ongoing trends where physical disruption of infrastructure is being replaced by cyber espionage from state-backed threat actors. Cybercriminals are regularly updating their intrusion tools, while several new groups are in the making.

Key insights

APT groups from China, Pakistan, Russia, and Iran carried out at least 22 attack campaigns in Europe.
  • Asia Pacific is the most targeted region by state-sponsored threat actors with 34 campaigns being spotted in this region. The most active APT groups were from China, North Korea, Iran, and Pakistan.
  • Pro-government attackers from Iran, Pakistan, Turkey, China, and Gaza carried out 18 campaigns in the Middle East and Africa. In all, more than 500 successful ransomware attacks in more than 45 countries were reported.
  • Most state-sponsored threat actors originate from China (23 APT groups), Iran (8), North Korea (4), Russia (4), India (3), and Pakistan and Gaza (2 each). South Korea, Turkey, and Vietnam reportedly have only one APT group each. 

Attack vectors

  • Threat actors have set new records by launching 2.3 Tb per second and 809 million packets per second DDoS attacks. 
  • The BGP hijacking and route leaks are still a serious problem, and threat actors are frequently exploiting these methods as well.

Additional information

  • The nuclear industry is becoming a hot target for state-sponsored attackers. Recently, nuclear energy facilities in Iran and India were targeted by state-sponsored threat actors. 
  • Recently, at least 11 groups affiliated with intelligence services were seen targeting the telecommunications sector. The main objective of threat actors is spying on telecommunications operators or disabling infrastructure.

Conclusion

APT groups are now changing their tactics and focusing on the disruption of critical infrastructure. Thus, experts suggest organizations to proactively counter such threats by operationalizing the threat intelligence on APT groups and bolstering the security of their internet-connected infrastructure.

Cyware Publisher

Publisher

Cyware