Kaspersky reveals extensive report on Asian Advanced Persistent Threat groups
Kaspersky, a cybersecurity company, has released a 370-page report providing comprehensive information about Asian advanced persistent threat (APT) groups. The report provides a detailed account of their tactics, techniques, and procedures (TTPs) and valuable insights into their methods.
The analytical report delineates documented activities from around one hundred global incidents since 2022. Through the Cyber Threat Intelligence Team's hard work, the report provides in-depth observations of five specific incidents that happened in different parts of the world: Russia and Belarus, Indonesia, Malaysia, Argentina, and Pakistan. The report illustrates the globe-spanning nature of these cyber threats.
The report's objective is to enhance understanding of contemporary APT groups and how they operate. It meticulously details the TTPs used by these groups in each attack stage and presents recommendations for combatting such attacks. Also provided are SIGMA rules that can help detect these attacks, making the study globally accessible and understandable to researchers and security specialists.
The report heavily relies on globally renowned threat analysis tools, best practices, and methodologies to guarantee international applicability. These include the MITRE ATT&CK, F3EAD, David Bianco's Pyramid of Pain, Intelligence Driven Incident Response, and the Unified Cyber Kill Chain.
The study discloses that the techniques used remain limited despite the high number of attacks. This allows researchers to delve deeper into their analysis. The research shows that Asian APTs show no regional bias in target selection, with victims spanning the globe.
Notably, they have mastered the use of a combination of strategies, including creating or modifying system process services for privilege escalation and a hijack execution flow for evasion. Most of these groups focus on cyber espionage, with the main targets being the government, industrial, healthcare, IT, agriculture, and energy sectors.
The systematic analysis of various TTPs used by these attackers has led to the development of carefully crafted SIGMA rules, which can assist security specialists in detecting potential attacks within their infrastructure.
Nikita Nazarov, Head of Threat Exploration at Kaspersky, emphasised the critical role of knowledge in cybersecurity resilience. Nikita expressed the company's commitment to equipping security specialists with the necessary insights to proactively stay ahead of potential threats, reinforcing the importance of staying well-informed to safeguard against evolving cybersecurity challenges effectively.
Nikita Nazarov commented, "In the world of cybersecurity, knowledge is the key to resilience. We aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats."
Continually discovering new tools, techniques, and campaigns launched by APT groups, Kaspersky experts monitor over 900 operations and groups, with 90% related to espionage. They actively share their latest findings and exclusive insights through the Kaspersky Threat Intelligence Portal.
The full report, titled "Modern Asian APT groups: Tactics, Techniques and Procedures," provides over two decades' worth of accumulated cyberattack data and insights from Kaspersky.