Government entities in APAC were targeted by an APT campaign discovered by Kaspersky

The new Kaspersky threat landscape report details these and other findings

Kaspersky researchers recently uncovered a cyber campaign named ‘TetrisPhantom’. The campaign specifically targets secure USB drives used by government bodies in the Asia-Pacific region, with the attackers attempting to access the encrypted data stored on these devices. What makes the discovery significant is that the campaign differs from any other known threat and has not been linked to any previously identified group. Kaspersky shared these findings in its latest report on advanced persistent threats.

In early 2023, Kaspersky’s Global Research and Analysis Team discovered a prolonged espionage operation conducted by an unknown attacker. The campaign covertly gathered sensitive information from government organizations in the Asia-Pacific region (APAC). The attacker exploited a specific type of secure USB drive, one designed to protect data through hardware encryption both in storage and during transfer between computer systems. Because such secure USB drives are widely used by government entities worldwide, other organizations could be exposed to similar tactics.

The espionage campaign involves multiple harmful components, allowing the attacker to gain significant control over the victim’s device. This control enables them to issue commands, gather files and data from compromised computers, and transfer the information to other machines using similar or different secure USB drives. Furthermore, the Advanced Persistent Threat (APT) group is skilled at running additional malicious files on the infected systems.

Kaspersky researchers have noted a limited number of victims, indicating the highly targeted nature of the attack. The investigation has unveiled a high level of sophistication, including advanced techniques like virtualization-based software obfuscation, direct communication with the USB drive using specific commands, and self-replication through connected secure USBs. According to Noushin Shabab, a senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), the operations were carried out by a highly skilled and resourceful threat actor interested in espionage activities within sensitive government networks.

As of now, there are no connections to any known threat actor. Since the attack is still ongoing, experts are closely monitoring its progress and anticipate more sophisticated attacks from the same group in the future.

Discover exciting updates about TetrisPhantom at the upcoming Security Analyst Summit (SAS) from October 25 to 28. Reserve your spot to stay updated on the latest threats in the online world.


For more information about cybersecurity threats in Q3 2023, check out Securelist.com.

Researchers at Kaspersky recommend implementing the following measures to prevent falling victim to a targeted attack by a known or unknown threat actor:

  • Keep your operating system, applications, and antivirus software up to date by applying updates regularly.
  • Don’t provide sensitive information in emails, messages, or phone calls. Before sharing personal information or clicking on suspicious links, verify the sender’s identity.
  • Make sure your SOC team has access to the latest threat intelligence (TI). With over 20 years of cyberattack data and insights collected by Kaspersky, the Kaspersky Threat Intelligence Portal provides a one-stop shop for all the company’s threat intelligence.
  • Use Kaspersky online training, developed by the company’s experts, to help your cybersecurity team deal with the latest targeted threats.
  • For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.


In summary: Kaspersky researchers uncovered ‘TetrisPhantom’, an APT campaign targeting secure USB drives used by APAC government bodies. The campaign is highly sophisticated and has no known connection to an existing group. The threat is ongoing, and the prevention measures above are advised.
