In the second quarter of 2024, the Global Research and Analysis Team (GreAT) at the Russian research center Kaspersky found, although some … Sources of danger As usual, some other threat sources have updated their tools and expanded their activities.
According to the Centre’s readings, the number of campaigns has increased Cyber espionage Advancing across sectors, with governments, militaries, communications, and judicial systems facing the greatest number of threats worldwide.
Here are the key takeaways from our latest APT report:
Using open source threats
Perhaps one of the major developments of the quarter was the advancement of the XZ, a compression device Open source They are widely used in popular Linux distributions.
Attackers used social engineering techniques to gain permanent access to the software development environment. Kaspersky GReAT’s global research and analysis team has revealed many details about why this threat went undetected for years.
Implementation was one of the main factors attackers Anti-reboot feature to prevent background connections from being captured or hijacked.
In addition to the above, the attackers used a standard stealth method within the 86x code to obtain the public key needed to decrypt the backup.
Hacker attacks
Hacker activity was an important part of the threat landscape in the quarter and geopolitics is often a driver of malicious activities, however, not all high-profile attacks were connected to active conflict zones.
The most prominent of these activities are the attacks launched by the Iranian-funded group Homeland Justice on organizations in Albania, where the attackers were able to access more than 100 terabytes of steal data, disrupt official websites and email services, and crash database servers. and backups, which caused significant damage to the targeted companies.
Updates for toolkit
The report by Kaspersky GReAT global research and analysis team revealed that attackers took time to update their devices.
In early 2023, a threat named GOFFEE was discovered when it started using a modified version of the Owawa module, a malicious module monitored by Internet Information Services (IIS).
GOFFEE Group has since stopped using the Owawa module and VisualTaskel, a Remote Code Execution (RCE) implant based on the PowerShell interface.
However, the group continued their hacking work using PowerTaskel as the HTML-based infection chain (known as HTA).
In addition, GOFFEE has expanded its tool by introducing a new download disguised as a legitimate document and distributed via email, increasing its ability to compromise targets .
Geographic distribution
No region stood out as a particular hotbed of APT attacks this quarter, but activity was widespread and influential across all regions.
During the quarter, APT campaigns targeted Europe, the Americas, Asia, the Middle East and Africa, highlighting the global scale and impact of these threats.
To combat these ever-evolving threats, the cyber community must come together to share information and collaborate across borders, and only through collective oversight and open communication can we stay at the forefront of protecting our digital world.
2024-08-18 23:00:00
#Discover #prominent #trends #consumer #cyber #threats #quarter #Youm7
