Skip to main content

Kaspersky Lab finds Asia and Middle East top targets for new threat actors in Q1 2018

April 12, 2018

Focus on Asia and Middle East, along with other trends, covered in Kaspersky Lab’s Q1 2018 threat intelligence report.

Woburn, MA –April 12, 2018 – During the first three months of the year, Kaspersky Lab researchers discovered a wave of new advanced persistent threat (APT) activity based mainly in Asia, with more than 30 percent of Q1 reports dedicated to threat operations in this region. A peak of activity was also observed in the Middle East with a number of new techniques used by threat actors. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by APT groups speaking languages including Russian, Chinese, English and Korean, among others. While some well-known actors didn’t show any noteworthy activity, a rising number of APT operations and new threat actors were detected in the Asian region. This rise is explained in part by the OlympicDestroyer malware attack on the PyeongChang Olympic Games.

Highlights in Q1 2018 include:

  • Continuous rise of Chinese-speaking activity, including the ShaggyPanther cluster of activity targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia and Mongolia;
  • Recorded APT activity in South Asia. Pakistan military entities have been under attack from the newly discovered Sidewinder group;
  • IronHusky APT apparently stops targeting Russian military actors and transfers all its efforts to Mongolia. At the end of January 2018, this Chinese-speaking actor launched an attack campaign on Mongolian government organizations before their meeting with the International Monetary Fund (IMF);
  • Korean peninsula remains in focus. The Kimsuky APT, targeting South Korean think tanks and political activities, has renewed its arsenal with a completely new framework designed for cyberespionage and used in a spear-phishing campaign. Furthermore, a subset of the infamous Lazarus group, Bluenoroff, has shifted to new targets including cryptocurrency companies and Point of Sales (PoS).

Kaspersky Lab also detected a peak of threat activity in the Middle East. For example, the StrongPity APT launched a number of new Man-in-the-Middle (MiTM) attacks on internet service provider (ISP) networks. Another highly-skilled cybercriminal group, the Desert Falcons, returned to target Android devices with malware previously used in 2014.

Also in Q1, Kaspersky Lab researchers discovered several groups routinely targeting routers and networking hardware in their campaigns, an approach adopted years ago by actors such as Regin and CloudAtlas. According to experts, routers will continue to be a target for attackers as a way of getting a foothold in a victim’s infrastructure.

“During the first three months of the year, we saw a number of new threat groups of different levels of sophistication, but which overall, were using the most common and available malware tools,” said Vicente Diaz, principal security researcher, Global Research and Analysis Team, Kaspersky Lab. “At the same time, we observed no significant activity from some well-known actors. This leads us to believe that they are rethinking their strategies and reorganizing their teams for future attacks.”

The newly published Q1 APT trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the first quarter of 2018, Kaspersky Lab’s Global Research and Analysis Team created 27 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

For more information, please read the blog post on Securelist.com or contact: intelreports@kaspersky.com

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Jessica Bettencourt
774.451.5142
Jessica.Bettencourt@kaspersky.com

Kaspersky Lab finds Asia and Middle East top targets for new threat actors in Q1 2018

Focus on Asia and Middle East, along with other trends, covered in Kaspersky Lab’s Q1 2018 threat intelligence report.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases