Kaspersky researchers have uncovered a long-running campaign compromising a specific type of secure USB drive, used to provide encryption for protected data storage. Dubbed ‘TetrisPhantom,’ this espionage effort targets government entities in the Asia-Pacific region (APAC) and shows no discernible overlap with any known threat actor. These and other findings are detailed in Kaspersky’s new quarterly APT threat landscape report.
Uncovering the Espionage Campaign
In early 2023, Kaspersky’s Global Research and Analysis Team uncovered a long-running espionage campaign operated by a previously unknown actor. The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems. These secure USB drives are used by government organisations worldwide, implying that more entities could potentially fall prey to similar techniques.
Discovery of Malicious Modules
The campaign comprises various malicious modules, through which the actor can gain extensive control over the victim’s device. This allows them to execute commands, collect files and information from compromised machines, and transfer them to other machines using the same or different secure USB drives as carriers. Additionally, the APT is proficient at executing other malicious files on the infected systems.
High-Level Sophistication in Government Attacks
Kaspersky researchers report that there are a limited number of victims, highlighting the highly targeted nature of the attack. “Our investigation reveals a high level of sophistication, including virtualisation-based software obfuscation, low-level communication with the USB drive using direct SCSI commands, and self-replication via connected secure USBs.
These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks,” comments Noushin Shabab, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
Kaspersky researchers have not observed any overlaps with any existing threat actor, but with this attack campaign still ongoing, experts continue to track its progress and expect to see more sophisticated attacks from them in the future. To learn more about the APT threat landscape in Q3 2023, visit Securelist.com.
How to Avoid Falling Victim to Targeted Attacks
In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
- Regularly update your operating system, applications, and antivirus software to patch any known vulnerabilities.
- Be wary of emails, messages, or calls asking for sensitive information. Verify the sender’s identity before sharing any personal details or clicking on suspicious links.
- Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over more than 20 years.
- Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
- For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.