Newly discovered iOS malware and freshly updated toolsets stand out among the quarter's most significant cybersecurity threats. Key developments in the APT landscape include the exposure of the ongoing "Operation Triangulation," built on a previously unknown iOS malware platform, the emergence of new threat actors, and upgrades to existing threats.
The cybersecurity landscape of Q2 2023 showed several significant trends: new Advanced Persistent Threat (APT) actors, updated toolkits, new malware variants, and novel techniques adopted by threat actors.
In the Asia-Pacific region, a new APT actor known as "Mysterious Elephant," part of the 'Elephants' cluster, drew attention by deploying new backdoor families in its operations. These backdoors can run files and execute commands received from an attacker-controlled server on the compromised system. A detailed report by Kaspersky covered these activities.
Threat actors also kept refining their techniques. Lazarus, a prominent APT group, illustrated this trend by enhancing its MATA framework, a multi-platform targeted malware framework.
The report noted that BlueNoroff, the Lazarus subgroup that specializes in financially motivated attacks, has adopted new tactics, including new delivery mechanisms and programming languages. Notably, BlueNoroff has used Trojanized PDF readers in recent campaigns, expanded into macOS malware, and embraced the Rust programming language.
ScarCruft, another APT group, has devised new infection techniques that circumvent Mark-of-the-Web (MOTW), the flag Windows attaches to files downloaded from the internet so that SmartScreen and Office Protected View can treat them with suspicion. Stripping or evading that flag removes a control many organizations rely on to block or sandbox downloaded content, which creates fresh complications for defenders.
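On Windows the Mark-of-the-Web is nothing more than an NTFS alternate data stream named Zone.Identifier, holding INI-style text with a ZoneId value (0 LocalMachine, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted); SmartScreen and Protected View react to ZoneId 3 or 4, and a file that arrives without the stream (for example after extraction by a tool that does not propagate it, or a copy through a non-NTFS volume) is handled as if it were local. The article does not say how ScarCruft's bypass works, so the following added example (written for this page, not code from Kaspersky or the article) shows the defender-side check instead: a small parser for the stream and a classifier that answers whether a given file would be treated as internet-sourced. The sample stream contents are constructed and the function names are my own.

```python
"""Parse and classify Windows Mark-of-the-Web (Zone.Identifier) streams.

Added example: the parser and sample data below are constructed for
illustration and are not taken from any real incident or vendor tool.
"""
import re
from typing import Dict, Optional

# Documented Windows URL security zone values.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_zone_identifier(stream: Optional[str]) -> Dict[str, str]:
    """Parse the text of a Zone.Identifier stream into key/value pairs.

    Only the [ZoneTransfer] section is read; other sections and comment
    lines are ignored. An absent stream (None) yields an empty dict.
    """
    if stream is None:
        return {}
    fields: Dict[str, str] = {}
    section = None
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on first '=' only; URLs may contain '='
        fields[key.strip()] = value.strip()
    return fields


def zone_id(stream: Optional[str]) -> Optional[int]:
    """Return the numeric ZoneId, or None when the stream is missing or malformed."""
    fields = parse_zone_identifier(stream)
    try:
        return int(fields["ZoneId"])
    except (KeyError, ValueError):
        return None


def is_internet_origin(stream: Optional[str]) -> bool:
    """True when SmartScreen / Protected View would treat the file as downloaded."""
    return zone_id(stream) in (3, 4)


def describe(stream: Optional[str]) -> str:
    """Human-readable verdict for a stream's contents."""
    zid = zone_id(stream)
    if zid is None:
        return "no MOTW (treated as local)"
    return f"ZoneId={zid} ({ZONE_NAMES.get(zid, 'unknown')})"


def read_motw(path: str) -> Optional[str]:
    """Read the Zone.Identifier ADS of a file on Windows/NTFS.

    Returns None if the stream does not exist or the platform/filesystem
    has no ADS support (opening 'name:Zone.Identifier' then fails).
    """
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


# Constructed sample streams (hypothetical, not from a real download).
SAMPLE_DOWNLOADED = (
    "[ZoneTransfer]\r\nZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/\r\n"
    "HostUrl=https://example.invalid/report.pdf\r\n"
)
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"
SAMPLE_STRIPPED = None  # stream lost during extraction or copy


if __name__ == "__main__":
    for name, sample in [("downloaded", SAMPLE_DOWNLOADED),
                         ("intranet", SAMPLE_INTRANET),
                         ("stripped", SAMPLE_STRIPPED)]:
        print(f"{name:10s} -> {describe(sample)}")
```

When triaging a suspicious document, compare `read_motw()` on the file as delivered with the stream on the original download: a file that reached the user through an archive or container and now returns `None` has lost the flag that would have put it into Protected View, regardless of which trick the attacker used.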
The report emphasized the significant role of geopolitics in shaping APT operations. Although the groups originate from many different places, their attacks concentrated on Europe, Latin America, the Middle East, and various parts of Asia.
Cyber espionage driven by geopolitical considerations remained the primary motive behind these campaigns.
While some threat actors stuck to familiar strategies such as social engineering, others evolved by refreshing their toolsets and broadening their operations. Notably, an emerging actor used zero-click iMessage exploits to deliver previously unidentified iOS malware, as David Emm, principal security researcher at Kaspersky's Global Research and Analysis Team (GReAT), pointed out.
Adrian Hia, Managing Director for APAC at Kaspersky, emphasized that Kaspersky has been actively monitoring all active APT actors in the region, particularly those targeting mobile devices and gradually extending their focus to encompass businesses and critical infrastructure.