A new attack on secure USB drives: Kaspersky reveals key trends in the Q3 APT report

Kaspersky found that a secure USB drive was compromised with malicious code injected into its access management software. This drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments. The malicious code injected into it was designed to steal confidential files saved on the secure partition of the drive, while also acting as a USB worm and spreading the infection to USB drives of the same type. While this tactic was similar to the compromise of drives that used the UTetris USB management software last year, attributed by Kaspersky to TetrisPhantom, the malicious code implanted on the drive in the latest incident was new. An analysis of the Trojanized USB management software used in this attack, as well as other trends in tools used by cybercriminal groups in attacks around the world, is provided in the latest Kaspersky Q3 APT report.
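The incident above turns on tampering with the management software that ships on the drive itself. A defender-side control that addresses this directly is an integrity baseline of the executable files on removable media, kept off the drive (so the drive's own contents cannot vouch for themselves) and re-checked every time the drive is mounted. The following script is an added example written for this article; it is not Kaspersky's code and does not model the actual implant. The file names, contents and directory layout it builds are constructed for the demonstration, and the list of executable suffixes is an assumption.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Assumption: file types treated as executable content worth baselining.
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com",
                 ".bat", ".cmd", ".ps1", ".vbs", ".js"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root: Path) -> dict[str, str]:
    """Map each executable-like file under root (relative POSIX path) to its hash."""
    result: dict[str, str] = {}
    for entry in root.rglob("*"):
        if entry.is_file() and entry.suffix.lower() in EXEC_SUFFIXES:
            result[entry.relative_to(root).as_posix()] = sha256_file(entry)
    return result


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every deviation from the known-good baseline.

    'added'    : executables that were not on the drive when it was baselined
    'removed'  : baselined executables that are now missing
    'modified' : baselined executables whose content hash changed
    Any non-empty category means the drive should be quarantined, not used.
    """
    added = sorted(name for name in current if name not in baseline)
    removed = sorted(name for name in baseline if name not in current)
    modified = sorted(name for name in current
                      if name in baseline and current[name] != baseline[name])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a clean drive, then tamper with it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed drive layout: a vendor tool plus a non-executable file.
        (root / "tools").mkdir()
        (root / "tools" / "manager.exe").write_bytes(b"MZ original vendor binary")
        (root / "readme.txt").write_bytes(b"documentation, ignored by the check")
        baseline = inventory(root)  # would normally be stored off-drive

        # Constructed tampering: the management tool is altered and a DLL appears.
        (root / "tools" / "manager.exe").write_bytes(
            b"MZ original vendor binary + injected code")
        (root / "tools" / "helper.dll").write_bytes(b"MZ dropped component")

        return compare(baseline, inventory(root))


if __name__ == "__main__":
    print(demo())
```

The baseline must be recorded when the drive is first provisioned and stored somewhere the drive cannot modify (a signed file on the host or a central inventory); a baseline kept on the drive is only as trustworthy as the drive. Hash comparison catches content changes, so a worm that replaces the management tool or drops a new loader shows up as `modified` or `added` regardless of whether the file still carries the vendor's name.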
Other notable findings described in Kaspersky’s Q3 APT report include:
Asia
• Kaspersky detected new attack schemes that utilized the P8 attack framework, which was previously used to target Vietnamese organizations. Most of the infections took place in financial institutions in Vietnam, with one victim active in the manufacturing industry.
Asia, Turkiye, Europe, and Russia
• Awaken Likho is an APT campaign, active since at least July 2021, that primarily targets government organizations and contractors. To date, Kaspersky has detected more than 120 targets in Russia, India, China, Vietnam, Taiwan, Turkiye, Slovakia, the Philippines, Australia, Switzerland and the Czech Republic, among others. While previously the attackers relied on the legitimate remote administration tool UltraVNC, in a campaign uncovered in June 2024 (still ongoing) they changed the final payload from UltraVNC to MeshAgent, another remote administration tool that works with an open-source remote management server.
Africa & Asia
• The Scieron backdoor, a tool commonly used in cyber-espionage campaigns by the Scarab group, was detected in a new campaign that targeted a government entity in Africa and a telecom provider in Central Asia.
Middle East
• MuddyWater is an APT actor that surfaced in 2017 and has traditionally targeted countries in the Middle East, Europe, and the USA. Recently Kaspersky uncovered VBS/DLL-based implants used in intrusions by the MuddyWater APT group, which are still active today. The implants were found at multiple government and telecom entities in Egypt, Kazakhstan, Kuwait, Morocco, Oman, Syria and the UAE.
• Tropic Trooper (aka KeyBoy and Pirate Panda) is an APT group that has been operating since 2011. The group’s targets have traditionally included government entities, as well as the healthcare, transportation and high-tech industries located in Taiwan, the Philippines, and Hong Kong. Kaspersky’s most recent analysis revealed that in 2024, the group conducted attacks against a government entity in Egypt. An attack component was detected that was presumably used by Chinese-speaking actors.
Russia
• In 2021, a campaign called ExCone was detected by Kaspersky, targeting government entities in Russia using vulnerabilities in the VLC media player. Later, victims were also found in Europe, Central Asia, and Southeast Asia. In 2022, spear-phishing emails started to be used as an infection vector, and an updated version of the Pangolin Trojan was deployed. In mid-July 2024, the actor turned to embedding a JavaScript loader as the initial infection vector and attacked Russian educational institutions.
LATAM & Asia
• In June, Kaspersky identified an active campaign called PassiveNeuron, targeting government entities in Latin America and East Asia using previously unknown malware. The servers were compromised before security products were installed, and the method of infection remains unknown. The implants used in this operation do not share any code similarities with known malware, so attribution to a known threat actor is not possible at this time. The campaign shows a very high level of sophistication.
“Throughout 2024, there were 3 billion local threats detected and blocked by Kaspersky globally. The compromise of software on secure USB drives is unusual, but it underscores the fact that protected local digital spaces can be compromised by sophisticated schemes. Cybercriminals constantly update their toolsets and expand the scope of their activities, broadening their targets, both in terms of the spheres targeted, and geographically. We also see more open source tools employed by APT threat actors,” comments David Emm, principal security researcher at Kaspersky.
To read the full APT Q3 2024 trends report, please visit Securelist.
Advanced persistent threats (APTs) are continuous, clandestine, and sophisticated hacking techniques used to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences. APTs are usually leveled at high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply “dipping in” and leaving quickly, as many black-hat attackers do during lower-level cyber assaults.
To avoid falling victim to a targeted attack, Kaspersky researchers recommend individuals and organizations:
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
• Implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.
• Use centralized and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets.
• Introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with phishing or other social engineering techniques.
• Update OS and software as soon as possible and do so regularly.
