Kaspersky has published its latest report on ongoing security threat trends for the second quarter of 2023, in which its researchers analyzed the development of new and existing campaigns. The report highlights continued threat activity during this period, including updated toolsets, new malware variants, and new techniques adopted by cybercriminals.
One of the most significant recent findings revealed by Kaspersky is an ongoing campaign called “Operation Triangulation,” which targets the iOS operating system. The attack is delivered through hidden iMessage messages with a malicious attachment. It exploits several vulnerabilities in iOS and installs spyware on the device without requiring any action from the user.
Experts also observed other interesting developments that everyone should be aware of. The key points mentioned in the report are as follows:
1. New Threat in Asia and the Pacific:
Kaspersky identified a new threat belonging to a cybercriminal group called “Elephants,” operating in the Asia-Pacific region. This group is responsible for the “Mysterious Elephant” campaign. In their recent campaign, they used new backdoor tools that can handle files and execute commands on the victim’s computer. The backdoors receive files or commands from a malicious server and execute them on the compromised device.
2. Upgrading Toolsets:
Hacker groups continuously work on improving their techniques. For example, the “Lazarus” group upgraded its MATA framework and introduced a new version called “MATAv5”. BlueNoroff, a Lazarus sub-group focusing on financial attacks, employs new delivery methods and programming languages, including using PDF file reading tools in recent campaigns, deploying macOS malware, and programming in Rust. The ScarCruft APT group also developed new ways to expand its reach and evade security mechanisms.
3. Geopolitical Impact as a Key Driver:
Advanced persistent threat campaigns continue to spread widely across various geographic regions, including Europe, Latin America, the Middle East, and different parts of Asia. These campaigns often have a geopolitical motive as the main agenda.
David Emm, the principal security researcher at Kaspersky’s Global Research and Analysis Team, stated: “We notice some threat actors sometimes sticking to traditional methods like social engineering, while others update their toolsets and expand their activities. Furthermore, new advanced actors keep emerging, such as the group behind ‘Operation Triangulation’. This group uses a previously unknown malware platform to target the iOS operating system, distributing it through a one-click iMessage exploitation. This highlights the need for global companies to stay vigilant by monitoring threat intelligence and identifying the right defensive tools to face both existing and emerging challenges.”
Kaspersky’s Recommendations:
To mitigate the risk of targeted attacks, Kaspersky experts recommend the following measures:
1. Promptly update the operating system and third-party software to the latest versions to ensure system security and protect against potential vulnerabilities and security risks.
2. Develop cybersecurity team skills to handle the latest targeted threats, utilizing online training resources provided by Kaspersky.
3. Stay informed about the latest threat intelligence to keep up with the latest techniques used by cybercriminals.
4. Implement endpoint detection and response solutions such as Kaspersky Endpoint Detection and Response to investigate and respond to incidents effectively.
5. Consider using specialized services to counter serious attacks, like managed detection and response services from Kaspersky, which can identify and stop breaches at early stages, and incident response services to handle incidents promptly and reduce potential damage.
For the full report on ongoing advanced threat trends in the second quarter of 2023, visit the Securelist website.