APT Q1 2023 playbook: Advanced techniques, broader horizons, and new targets

Woburn, MA – April 27, 2023 – Kaspersky has released its latest Advanced Persistent Threats (APTs) quarterly trends report, revealing bustling APT activity in the first quarter of 2023, with a mix of new and established actors spotted engaging in a range of campaigns. The report shows that, during this time, APT actors have been busy updating their toolsets and expanding their attack vectors both in terms of geographical location and target industries.

During the first three months of this year, Kaspersky researchers have uncovered new tools, techniques and campaigns launched by APT groups in cyberattacks around the world. The APT trends report is derived from Kaspersky’s private threat intelligence research and major developments, plus cyber incidents that researchers believe everyone should be aware of. The report highlighted several trends, including:

New techniques and updated tools

APT actors have been continuously looking for new ways to perform their attacks in order to avoid detection and achieve their goals. In Q1 2023, Kaspersky researchers saw that established threat actors such as Turla, MuddyWater, Winnti, Lazarus, and ScarCruft – which have been in the APT arena for many years – are not standing still and continue to develop their toolsets. For instance, researchers spotted Turla using the TunnusSched backdoor, a relatively unusual tool for this group, which Tomiris has been known to employ. This demonstrates how established APT actors are adapting and evolving their tactics to stay ahead of the game.

There have also been campaigns from newly discovered threat actors such as Trila targeting Lebanese governmental entities.

More industries becoming an interesting subject for APT actors

APT actors continue to expand beyond their traditional victims, such as state institutions and high-profile targets, to include the aviation, energy, manufacturing, real estate, finance, telecom, scientific research, IT, and gaming sectors. Such companies possess substantial volumes of data that serve strategic requirements related to national priorities, or create additional access and vectors to facilitate future campaigns.

Geographical expansion

Kaspersky experts have also witnessed advanced actors performing attacks with a focus on Europe, the US, the Middle East, and various parts of Asia. While most actors previously targeted victims in specific countries, more and more APTs are now targeting victims globally. For instance, MuddyWater, an actor that previously showed a preference for targeting Middle Eastern and North African entities, has expanded its malicious activity to organizations in Azerbaijan, Armenia, Malaysia, and Canada, in addition to its previous targets in Saudi Arabia, Turkey, UAE, Egypt, Jordan, Bahrain, and Kuwait.

“While we have been tracking the same APT actors for decades, it’s clear they are continually evolving with new techniques and toolsets,” said David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT). “Additionally, the emergence of newly developed threat actors means the APT landscape is rapidly changing, especially in these turbulent times. Organizations must remain vigilant and ensure they are equipped with threat intelligence and the appropriate tools to defend against existing and emerging threats. By sharing our insights and findings, we aim to empower cybersecurity professionals to be prepared against high-profile threats.”
