APT attack campaigns on the rise with improved techniques and new players like Trila

May 19. (Portaltic/EP) –

Cybersecurity researchers have reported a rise in advanced persistent threat (APT) campaigns during the first quarter of this year, with the use of new techniques and updated tools, the appearance of new malicious actors such as Trila, and the expansion of attacks both geographically and across sectors of activity.

Advanced persistent threats are a class of cyberthreat in which an intruder gains covert access to a system and then operates on it continuously over a long period, which can have potentially destructive consequences.

In this context, Kaspersky's latest APT report, which covers data collected during the first three months of 2023, identified an increase in attack campaigns both by already known threat actors such as MuddyWater and by newly discovered ones such as Trila and LoneZerda.

Specifically, the researchers observed actors already seen in earlier attacks, such as Turla, MuddyWater, Winnti and Lazarus, which continue to develop their tooling. One example is Turla, which is using the 'malware' TunnusSched in new attacks where it would usually use Tomiris.

The researchers have also identified a new malicious actor, which they refer to as Trila, in a campaign dating back to December 2022. Trila's tooling is written in .NET, is dedicated to executing remote console commands, and is aimed at Lebanese government entities.

According to the experts, Trila relies on a toolset that is mainly "simple and homemade" 'malware', which allows its operators to remotely execute Windows system commands on infected machines and exfiltrate information.
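The behaviour described above (a homemade implant that drives cmd.exe or PowerShell to run system commands on an infected machine) is exactly the kind of pattern an endpoint detection rule can catch from process-creation telemetry. The following is an added example written for this page; it is not code from the article or from Kaspersky's report, and it is not based on any real Trila sample. It scores Sysmon-style process-creation events (Event ID 1) and flags a command shell that is started by an unexpected parent, from a user-writable directory, or with non-interactive flags, requiring at least two such indicators before raising a finding. The sample log lines, the list of "expected" parent processes, and the two-indicator threshold are all constructed assumptions to be tuned to your own environment.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample events in a flattened Sysmon-like key=value form (not real telemetry).
SAMPLE_EVENTS = [
    'EventID=1 Image=C:\\Windows\\explorer.exe ParentImage=C:\\Windows\\System32\\userinit.exe CommandLine="C:\\Windows\\explorer.exe"',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\explorer.exe CommandLine="cmd.exe"',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Users\\user\\AppData\\Roaming\\svc\\update.exe CommandLine="cmd.exe /c whoami & ipconfig /all"',
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\agent.exe CommandLine="powershell.exe -nop -w hidden -c Get-Process"',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\System32\\services.exe CommandLine="cmd.exe /c sc query"',
]

# Shell images whose launch we want to scrutinise.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Parents from which a shell launch is normal on a workstation. This is an assumption
# for the example; build the real list from a baseline of your own fleet.
EXPECTED_PARENTS = {"explorer.exe", "services.exe", "svchost.exe", "winlogon.exe",
                    "taskeng.exe", "msiexec.exe", "code.exe", "windowsterminal.exe"}
# Path fragments that mark user-writable locations where implants are commonly dropped.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Command-line flags typical of a shell driven by another program rather than a person.
NON_INTERACTIVE = (" /c ", " -c ", " -command ", " -enc", " -encodedcommand",
                   " -w hidden", " -windowstyle hidden")

# key=value pairs; the value is either a double-quoted string or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')


def parse_event(line):
    """Turn one flattened event line into a dict of field name -> value."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


@dataclass
class Finding:
    image: str
    parent: str
    command_line: str
    score: int
    reasons: list = field(default_factory=list)


def assess(fields):
    """Return a Finding for a suspicious shell launch, or None if nothing stands out."""
    image = ntpath.basename(fields.get("Image", "")).lower()
    parent_path = fields.get("ParentImage", "")
    parent = ntpath.basename(parent_path).lower()
    # Pad with spaces so flag matching is anchored on whole tokens.
    cmdline = " " + fields.get("CommandLine", "").lower() + " "
    if image not in SHELLS:
        return None
    reasons = []
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"shell spawned by unexpected parent {parent}")
    if any(marker in parent_path.lower() for marker in USER_WRITABLE):
        reasons.append("parent executable lives in a user-writable directory")
    if any(flag in cmdline for flag in NON_INTERACTIVE):
        reasons.append("non-interactive shell invocation")
    # A single indicator (e.g. services.exe running "cmd /c") is routine; require two.
    if len(reasons) < 2:
        return None
    return Finding(image, parent_path, fields.get("CommandLine", ""), len(reasons), reasons)


def scan(lines):
    """Run the assessment over process-creation events and collect the findings."""
    findings = []
    for line in lines:
        fields = parse_event(line)
        if fields.get("EventID") != "1":
            continue
        finding = assess(fields)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[score {f.score}] {f.parent} -> {f.image}: {f.command_line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the constructed events, only the two shells launched by unknown executables out of AppData are reported; the interactive cmd.exe under explorer.exe and the "cmd /c sc query" started by services.exe each carry at most one indicator and are left alone. The same rule can be expressed in a SIEM query or a Sysmon configuration once the expected-parent baseline is known.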

Another newly discovered APT actor is LoneZerda, which appears to be of Lebanese origin and to date back to 2017, according to the experts. This actor focused on diplomatic entities in Middle Eastern countries and recorded keystrokes (keylogging) on the computers of infected victims.

As David Emm of Kaspersky's Global Research and Analysis Team (GReAT) stated, "APT groups have been active for decades, and their techniques and tools are evolving." In this sense, he pointed out that identifying the development of new threats "makes it clear that the APT landscape changes very quickly."

For this reason, Emm suggested that organizations "must always be alert" and make sure they have the best threat intelligence and the right tools to defend themselves.

EUROPE, UNITED STATES AND MIDDLE EAST

In addition, these campaigns have expanded both geographically and by sector of activity. According to Kaspersky, during the first months of 2023 APT campaigns focused on Europe, the United States, the Middle East and some regions of Asia, so they have continued to operate in a "very dispersed" manner.

These APT attacks have also sought out new targets. Typically, such actors go after state institutions and other high-profile organizations. However, during this period there have been attacks on sectors such as aviation, energy, real estate, telecommunications, banking, scientific research and even video games.

The interest in these sectors stems from the fact that these are companies holding large amounts of data. Furthermore, many of them are of a "strategic nature", as Kaspersky emphasizes, which makes their data useful for future campaigns.

HOW TO AVOID APT ATTACKS

To avoid falling victim to these threats, the Kaspersky team recommends basic measures such as updating 'software' regularly. It also stresses the importance of keeping up with the latest threats of this kind in order to facilitate their detection.

The company likewise recommends using an endpoint security solution that can identify threats at an early stage. As for users, it warns that they must be aware that many campaigns rely on social engineering techniques such as 'phishing' to launch their attacks.