SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Encryption
Kaspersky uncovers APT campaign targeting APAC government entities
Thu, 19th Oct 2023
Author image
By Shannon Williams, Journalist
Follow us

Kaspersky researchers have discovered a persistent campaign compromising a specific type of secure USB drive, used to provide encryption for safe data storage. 

Dubbed TetrisPhantom, this espionage effort targets government entities in the Asia-Pacific region, and shows no discernible overlap with any known threat actor. 

In early 2023, Kaspersky's Global Research and Analysis team uncovered a long-running espionage campaign operated by a previously unknown actor. The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems. 

These secure USB drives are employed by government organisations worldwide, implying that more entities might potentially fall prey to similar techniques.

The campaign comprises various malicious modules, through which the actor can gain extensive control over the victims device. This allows them to execute commands, collect files and information from compromised machines, and transfer them to other machines using the same or different secure USB drives as carriers. 

Additionally, the APT is proficient in executing other malicious files on the infected systems.

Kaspersky researchers report there are a limited number of victims, highlighting the highly targeted nature of the attack.

"Our investigation reveals a high-level of sophistication, including virtualisation-based software obfuscation, low-level communication with the USB drive using direct SCSI commands, and self-replication through connected secure USBs," says Noushin Shabab, senior security researcher at Kasperskys Global Research and Analysis Team (GReAT).

"These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks," Shabab says.

Kaspersky researchers have not observed any overlaps with any existing threat actor, but with this attack campaign still ongoing, experts continue to track its progress, and expect to see more sophisticated attacks from them in the future.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Regularly update your operating system, applications, and antivirus software to patch any known vulnerabilities. 
  • Be cautious of emails, messages, or calls asking for sensitive information. 
  • Verify the senders identity before sharing any personal details or clicking at suspicious links. 
  • Provide your SOC team with access to the latest threat intelligence (TI). 
  • The Kaspersky Threat Intelligence Portal is a single point of access for the company's TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years. 
  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
  • For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
ExtraHop report shows Singapore firms vulnerable to ransomware attacks
Jason Haddix joins Flare as Field Chief Information Security Officer
Ransomware threats escalating in Southeast Asia – report
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds