Select Page

APT Q1 2023 playbook: advanced techniques, broader horizons, and new targets 

Posted by | May 1, 2023 |

APT Q1 2023 playbook: advanced techniques, broader horizons, and new targets 

Kaspersky’s latest Advanced Persistent Threats (APTs) trends report reveals bustling APT activity in the first quarter of 2023, with a mix of new and established actors spotted engaging in a range of campaigns. The report shows that, during this time, APT actors have been busy updating their toolsets and expanding their attack vectors both in terms of geographical location and target industries.

During the first three months of this year, Kaspersky researchers have uncovered new tools, techniques and campaigns launched by APT groups in cyberattacks around the world. The APT trends report is derived from Kaspersky’s private threat intelligence research and major developments, plus cyber incidents that researchers believe everyone should be aware of. The report highlighted several trends, including:

New techniques and updated tools

APT actors have been continuously looking for new ways to perform their attacks in order to avoid detection and achieve their goals. In Q1 2023, Kaspersky researchers have seen that established threat actors such as Turla, MuddyWater, Winnti, Lazarus, and ScarCruft – which have been in the APT arena for many years – are not standing still and continue to develop their toolsets. For instance, Turla has been spotted using TunnusSched backdoor, a relatively unusual tool for this group, which Tomiris has been known to employ. This demonstrates how established APT actors are adapting and evolving their tactics to stay ahead of the game.

There have also been campaigns from newly discovered threat actors such as Trila targeting Lebanese governmental entities. 

More industries becoming an interest subject for APT actors

APT actors continue to expand beyond their traditional victims, such as state institutions and high-profile targets, to include aviation, energy, manufacturing, real estate, finance, telecoms, scientific research, IT, and gaming sectors. Such companies possess substantial amounts of data that serve strategic requirements related to national priorities, or create additional accesses and vectors to facilitate future campaigns.

Geographical expansion

Kaspersky experts have also witnessed advanced actors performing attacks with a focus on Europe, the US, the Middle East, and various parts of Asia. While most actors previously targeted victims in specific countries, more and more APTs are now targeting victims globally. For instance, MuddyWater, an actor that previously showed a preference for targeting Middle Eastern and North African entities, has expanded its malicious activity to organizations in Azerbaijan, Armenia, Malaysia, and Canada, in addition to its previous targets in Saudi Arabia, Turkey, UAE, Egypt, Jordan, Bahrain, and Kuwait.

david emm

“While we have been tracking the same APT actors for decades, it’s clear they are continually evolving with new techniques and toolsets. Additionally, the emergence of newly developed threat actors means the APT landscape is rapidly changing, especially in these turbulent times. Organizations must remain vigilant and ensure they are equipped with threat intelligence and the appropriate tools to defend against existing and emerging threats. By sharing our insights and findings, we aim to empower cybersecurity professionals to be prepared against high-profile threats,” comments David Emm, a principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).

To read the full APT Q1 2023 trends report, please visit Securelist.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Update Microsoft Windows OS and other third-party software as soon as possible and do so regularly
  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
  • For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
  • As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform.

About The Author

Shima Zamil

Social media Marketing, Creative copywriter, Arabic- English translator, and Community management

Related Posts

Independent Research Firm Cites Trend Micro As A Leader In Enterprise Email Security

Independent Research Firm Cites Trend Micro As A Leader In Enterprise Email Security

June 10, 2019

Kaspersky reports the anomalous growth of the mobile malware in Saudi Arabia in 2021

Kaspersky reports the anomalous growth of the mobile malware in Saudi Arabia in 2021

February 27, 2022

Gartner Survey Finds Only 65 Percent of Organizations Have a Cybersecurity Expert

Gartner Survey Finds Only 65 Percent of Organizations Have a Cybersecurity Expert

July 27, 2018

Deloitte’s Financial Crime Symposium examines regulatory changes and addresses emerging risks in the Middle East

Deloitte’s Financial Crime Symposium examines regulatory changes and addresses emerging risks in the Middle East

March 30, 2023

Latest News

Categories

WP Twitter Auto Publish Powered By : XYZScripts.com