الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

A new attack on secure USB drives: Kaspersky reveals key trends in the Q3 APT report

Kaspersky found that a secure USB drive was compromised with malicious code injected into its access management software. This drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments. The malicious code injected into it was designed to steal confidential files saved on the secure partition of the drive, while also acting as a USB worm and spreading the infection to USB drives of the same type. While this tactic was similar to the compromise of drives that used the UTetris USB management software last year, attributed by Kaspersky to TetrisPhantom, the malicious code implanted on the drive in the latest incident was new. An analysis of the Trojanized USB management software used in this attack, as well as other trends in tools used by cybercriminal groups in attacks around the world, is provided in the latest Kaspersky Q3 APT report.
Other notable findings described in Kaspersky’s Q3 APT report include:
Asia
• Kaspersky detected new attack schemes that utilized the P8 attack framework, which was previously used to target Vietnamese organizations. Most of the infections took place in financial institutions in Vietnam, with one victim active in the manufacturing industry.
Asia, Turkiye, Europe, and Russia
• Awaken Likho is an APT campaign, active since at least July 2021, that primarily targets government organizations and contractors. To date, Kaspersky has detected more than 120 targets in Russia, India, China, Vietnam, Taiwan, Turkiye, Slovakia, the Philippines, Australia, Switzerland and the Czech Republic, among others. While previously attackers relied on the use of the legitimate remote administration tool UltraVNC, in a campaign uncovered in June 2024 (still ongoing), the attackers changed the final payload from UltraVNC to MeshAgent (another remote administration tool; it uses an open-source remote management server).
Africa & Asia
• The Scieron backdoor, a tool commonly used in cyber-espionage campaigns by the Scarab group, was detected in a new campaign that targeted a government entity in Africa and a telecom provider in Central Asia.
Middle East
• MuddyWater is an APT actor that surfaced in 2017 and has traditionally targeted countries in the Middle East, Europe, and the USA. Recently Kaspersky uncovered VBS/DLL-based implants used in intrusions by the MuddyWater APT group, which are still active today. The implants were found at multiple government and telecom entities in Egypt, Kazakhstan, Kuwait, Morocco, Oman, Syria and the UAE.
• Tropic Trooper (aka KeyBoy and Pirate Panda) is an APT group that has been operating since 2011. The group’s targets have traditionally included government entities, as well as the healthcare, transportation and high-tech industries located in Taiwan, the Philippines, and Hong Kong. Kaspersky’s most recent analysis revealed that in 2024, the group conducted attacks against a government entity in Egypt. An attack component was detected that was presumably used by Chinese-speaking actors.
Russia
• In 2021, a campaign called ExCone was detected by Kaspersky, targeting government entities in Russia using vulnerabilities in the VLC media player. Later, victims were also found in Europe, Central Asia, and Southeast Asia. In 2022, spear-phishing emails started to be used as an infection vector, and an updated version of the Pangolin Trojan was deployed. In mid-July 2024, the actor turned to embedding a JavaScript loader as the initial infection vector and attacked Russian educational institutions.
LATAM & Asia
• In June, Kaspersky identified an active campaign called PassiveNeuron, targeting government entities in Latin America and East Asia using previously unknown malware. The servers were compromised before security products were installed, and the method of infection remains unknown. The implants used in this operation do not share any code similarities with known malware, so attribution to a known threat actor is not possible at this time. The campaign shows a very high level of sophistication.
“Throughout 2024, there were 3 billion local threats detected and blocked by Kaspersky globally. The compromise of software on secure USB drives is unusual, but it underscores the fact that protected local digital spaces can be compromised by sophisticated schemes. Cybercriminals constantly update their toolsets and expand the scope of their activities, broadening their targets, both in terms of the spheres targeted, and geographically. We also see more open source tools employed by APT threat actors,” comments David Emm, principal security researcher at Kaspersky.
To read the full APT Q3 2024 trends report, please visit Securelist.
Advanced persistent threats (APTs) are continuous, clandestine, and sophisticated hacking techniques used to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences. APTs are usually leveled at high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply “dipping in” and leaving quickly, as many black-hat attackers do during lower-level cyber assaults.
To avoid falling victim to a targeted attack, Kaspersky researchers recommend individuals and organizations:
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
• Implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.
• Use centralized and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets;
• Introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with phishing or other social engineering techniques.
• Update OS and software as soon as possible and do so regularly.

Related Posts

Beware of fakes: Scammers use Labubu doll hype on multilingual scam websites

Orange Egypt Officially Launches 5G Services in Egypt

Sawiris Foundation Signs an MoU with AFD, Essam and May Allam Foundation, and the Louis Dreyfus Foundation to Develop Agricultural Solutions

DoubleTree by Hilton Resort & Spa Marjan Island Announces Four Key Leadership Appointments

Forbes Middle East and Beltone Holding to Launch the Top Advisors & Investors Summit in Egypt

CDF Champions Cultural Entrepreneurship and Strategic Investment at Expo 2025 Osaka

6. A One-Million-EGP Smartwatch? CardoO

A targeted attack mimics communication from company CEO to steal funds

آخر الأخبار
الصحة العالمية: جدرى القرود لا يزال يشكل حالة طوارئ صحية عامة تثير قلقا دوليا وزير الصحة يتلقى تقريراً عن متابعة تنفيذ خطة التأمين الطبي للساحل الشمالي خلال الأجازات وفصل الصيف وزير الصناعة والنقل في جولة تفقدية مفاجئة بمحطة مصر للسكك الحديدية برمسيس كريم عبد العزيز يتصدر إيرادات أفلام عيد الأضحى 2025 بـ”المشروع X” فارنك تحقق نموًا جديدًا في أعمالها بقيمة تزيد عن 10 ملايين درهم إماراتي في قطاع الضيافة بدولة الإمار... فيرتف تستعرض "مصنع الذكاء الاصطناعي المستقبلي" خلال مشاركتها في مؤتمر NVIDIA GTC باريس غلق وتشميع عيادة طبيب واقعة المسنة المتوفية فى قنا لعدم وجود ترخيص "الزراعة" تواصل جهودها لضمان جودة اللقاحات البيطرية وحماية الثروة الحيوانية خلال عيد الأضحى أمنكس تطلق حلولًا لرقمنة تدفقات العمل في قطاع البناء والتشييد حكيم يحيي حفلاً ضخماً في مهرجان أوسلو للموسيقى العالمية بالنرويج أحمد سعد يتألق في حفل العيد ببورتو العلمين.. ويستعد لجولة غنائية جولد بيليون ترصد حركة الذهب مع محادثات التجارة بين أمريكا والصين المطربة "نيفين رجب" تستعد لإطلاق أغنية جديدة بعنوان "منسية" Beware of fakes: Scammers use Labubu doll hype on multilingual scam websites كاسبرسكي تحذر من المواقع الإلكترونية الاحتيالية التي تستهدف محبي دمى لابوبو طقس غد الثلاثاء.. شديد الحرارة علي أغلب الأنحاء مؤسسة فاعلون تعلن التكفل بإعانة شهرية دائمة 10 آلاف جنيه لأسرة الشهيد البطل خالد محمد شوقي التضامن: عودة أولى رحلات حج الجمعيات الأهلية من جدة 10 يونيو الأوقاف تقيم أمسية ثقافية بمسجد العلي العظيم حازم الصدير: أغنية " هلا بحبك" تمثل نقلة فنية وتجربة محبّبة إلى قلبي