The Kaspersky Cyber Threat Intelligence team has unveiled essential insights into the tactics, techniques and procedures (TTPs) employed by Asian Advanced Persistent Threat (APT) groups.
The 370-page report, Modern Asian APT groups: Tactics, Techniques and Procedures, published today, is based on an examination of around 100 cybersecurity incidents that unfolded across different regions globally, commencing in 2022.
The report documents the TTPs used by APT groups at various stages of the cyber-attack process and provides essential recommendations to combat these threats.
One of the key findings of the research is that Asian APTs exhibit no regional bias in target selection, indicating their capability to employ consistent tactics worldwide.
These attackers are proficient in combining techniques, notably “Create or Modify System Process: Windows Service T1543.003” and “Hijack Execution Flow: DLL Side-Loading T1574.002,” allowing them to escalate privileges and evade detection.
The primary focus of these Asian APT groups is cyber-espionage, with a strong emphasis on gathering sensitive information and funneling it to legitimate cloud services or external channels. However, the report also highlights rare instances where these groups deviate from this pattern, such as by using ransomware in their attacks.
The industries most frequently targeted by these APT groups include the government, industrial, healthcare, IT, agriculture and energy sectors. Kaspersky said the analysis of the TTPs employed by these attackers has led to the creation of specific SIGMA rules.
“In the world of cybersecurity, data is the key to resilience,” commented Nikita Nazarov, head of threat exploration at Kaspersky.
“Through this report, we aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats. We urge the entire cybersecurity community to join us in this knowledge-sharing mission for a stronger and safer digital landscape.”