Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed “TetrisPhantom.”
The persistent operation has specifically targeted government entities within the Asia-Pacific region (APAC), using a novel technique involving secure USB drives for data infiltration. Kaspersky’s findings are part of their latest quarterly APT threat landscape report.
The clandestine campaign, which first came to light in early 2023, is orchestrated by an elusive and unidentified threat actor. Its strategic focus on exploiting secure USB drives sets this operation apart.
Government organizations commonly use these removable drives to securely store and transfer sensitive data, implying that similar infiltration techniques could affect government entities worldwide.
According to Kaspersky, TetrisPhantom deploys a range of malicious modules that allow the attacker to gain extensive control over their victim’s device. This level of control enables the execution of commands, data extraction from compromised systems and transfer of stolen information using secure USB drives as discreet carriers.
Furthermore, the attackers can introduce other malicious files into the infiltrated systems.
“Our investigation reveals a high level of sophistication, including virtualization-based software obfuscation, low-level communication with the USB drive using direct SCSI commands and self-replication through connected, secure USBs,” noted Noushin Shabab, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
“These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks.”
To defend against these targeted attacks, Kaspersky researchers recommend a proactive approach. This includes maintaining up-to-date software, exercising caution with unsolicited requests for sensitive information, providing cybersecurity teams with the latest threat intelligence, enhancing team skills and implementing endpoint detection and response solutions.
Kaspersky will provide additional information about the TetrisPhantom threat at the Security Analyst Summit (SAS) scheduled for October 25–28.