Kaspersky unmasked the cybercriminal groups who operated and are still operating in Southeast Asia (SEA). Findings of the global cybersecurity company reveal a major trend in the SEA’s threat landscape—increased activity of major Advanced Persistent Threat (APT) groups waging sophisticated cyberespionage.
APTs are complex attacks, consisting of many different components, including penetration tools and network propagation, all designed with one objective in mind: undetected access to sensitive information. Even small companies are vulnerable to APTs—and need a strategy to mitigate them.
Hungry for intelligence and data, cybercriminals had a busy year in 2019, launching new attack tools, including mobile malware for spying, to steal information from government and military entities and organisations across the region.
“The region is home to countries with very diverse ethnicities, political views, and economic development. This shapes the diversity of cyberattacks in Southeast Asia and drives a regional arms race. What is common for most of the countries is the intent to develop capacity to launch cyberattacks. We see how APT attackers have been running their operations for years, developing better tools, becoming more attribution-cautious, technically more advanced and eager to go for higher aims,” explains Vitaly Kamluk, Director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
Kaspersky further shares the main APT groups and the types of malware which defined the threat landscape in Southeast Asia in 2019 and into 2020:
- HoneyMyte (Targets in SEA: Myanmar, Singapore, Vietnam)
This group started a new spearphishing campaign in mid-2018 which continued through 2019 and targeted different government organisations from Central and Southeast Asian countries, with further victims located in other countries and regions.
- FunnyDream (Targets in SEA: Malaysia, Philippines, Thailand, Vietnam)
In early 2020, Kaspersky published a report based on its investigation of an ongoing attack campaign called “FunnyDream”. This Chinese-speaking actor has been active for at least a few years and possesses different implants with various capabilities.
- Platinum (Targets in SEA: Indonesia, Malaysia, Vietnam)
Platinum is one of the most technologically advanced APT actors, with a traditional focus on the Asia Pacific (APAC) region. In 2019, Kaspersky researchers discovered Platinum using a new backdoor dubbed “Titanium”, named after the password to one of its self-executable archives.
- Cycldek (Targets in SEA: Laos, Philippines, Thailand, Vietnam)
Cycldek is also known as Goblin Panda and is infamous for conducting information theft and espionage across the government, defence, and energy sectors in the region using PlugX and HttpTunnel malware variants.
- Finspy (Targets in SEA: Indonesia, Myanmar, Vietnam)
FinSpy is spyware for Windows, macOS, and Linux that is sold legally. It can be installed on both iOS and Android with the same set of functions available for each platform. The app gives an attacker almost total control over the data on an infected device.
- PhantomLance (Targets in SEA: Indonesia, Malaysia, Vietnam)
Another mobile malware that affected several nations in Southeast Asia is PhantomLance, a long-term espionage campaign with spyware Trojans for Android deployed in different application markets, including Google Play.
- Zebrocy (Targets in SEA: Malaysia, Thailand)
Zebrocy is a Russian-speaking APT which initially shared limited infrastructure, targets, and interests with Sofacy. Zebrocy also shared malware code with earlier BlackEnergy/Sandworm activity, and shared targeting and, later, very limited infrastructure with the more recent BlackEnergy/GreyEnergy.
“Combining machine learning and human knowledge through our GReAT researchers, we are currently monitoring over 100 APT groups and operations globally, regardless of their origin. Our organic, technical reports give companies, governments, and non-commercial organisations a comprehensive look at the current threat landscape, which eventually guides them in mapping their defences better. We also advocate information sharing in the industry, like the intelligence-sharing pact we renewed last year with INTERPOL, as we believe that cooperation is the best way to get the upper hand against these cyberespionage groups,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.