الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

A new attack on secure USB drives: Kaspersky reveals key trends in the Q3 APT report

Kaspersky found that a secure USB drive was compromised with malicious code injected into its access management software. This drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments. The malicious code injected into it was designed to steal confidential files saved on the secure partition of the drive, while also acting as a USB worm and spreading the infection to USB drives of the same type. While this tactic was similar to the compromise of drives that used the UTetris USB management software last year, attributed by Kaspersky to TetrisPhantom, the malicious code implanted on the drive in the latest incident was new. An analysis of the Trojanized USB management software used in this attack, as well as other trends in tools used by cybercriminal groups in attacks around the world, is provided in the latest Kaspersky Q3 APT report.
Other notable findings described in Kaspersky’s Q3 APT report include:
Asia
• Kaspersky detected new attack schemes that utilized the P8 attack framework, which was previously used to target Vietnamese organizations. Most of the infections took place in financial institutions in Vietnam, with one victim active in the manufacturing industry.
Asia, Turkiye, Europe, and Russia
• Awaken Likho is an APT campaign, active since at least July 2021, that primarily targets government organizations and contractors. To date, Kaspersky has detected more than 120 targets in Russia, India, China, Vietnam, Taiwan, Turkiye, Slovakia, the Philippines, Australia, Switzerland and the Czech Republic, among others. While previously attackers relied on the use of the legitimate remote administration tool UltraVNC, in a campaign uncovered in June 2024 (still ongoing), the attackers changed the final payload from UltraVNC to MeshAgent (another remote administration tool; it uses an open-source remote management server).
Africa & Asia
• The Scieron backdoor, a tool commonly used in cyber-espionage campaigns by the Scarab group, was detected in a new campaign that targeted a government entity in Africa and a telecom provider in Central Asia.
Middle East
• MuddyWater is an APT actor that surfaced in 2017 and has traditionally targeted countries in the Middle East, Europe, and the USA. Recently Kaspersky uncovered VBS/DLL-based implants used in intrusions by the MuddyWater APT group, which are still active today. The implants were found at multiple government and telecom entities in Egypt, Kazakhstan, Kuwait, Morocco, Oman, Syria and the UAE.
• Tropic Trooper (aka KeyBoy and Pirate Panda) is an APT group that has been operating since 2011. The group’s targets have traditionally included government entities, as well as the healthcare, transportation and high-tech industries located in Taiwan, the Philippines, and Hong Kong. Kaspersky’s most recent analysis revealed that in 2024, the group conducted attacks against a government entity in Egypt. An attack component was detected that was presumably used by Chinese-speaking actors.
Russia
• In 2021, a campaign called ExCone was detected by Kaspersky, targeting government entities in Russia using vulnerabilities in the VLC media player. Later, victims were also found in Europe, Central Asia, and Southeast Asia. In 2022, spear-phishing emails started to be used as an infection vector, and an updated version of the Pangolin Trojan was deployed. In mid-July 2024, the actor turned to embedding a JavaScript loader as the initial infection vector and attacked Russian educational institutions.
LATAM & Asia
• In June, Kaspersky identified an active campaign called PassiveNeuron, targeting government entities in Latin America and East Asia using previously unknown malware. The servers were compromised before security products were installed, and the method of infection remains unknown. The implants used in this operation do not share any code similarities with known malware, so attribution to a known threat actor is not possible at this time. The campaign shows a very high level of sophistication.
“Throughout 2024, there were 3 billion local threats detected and blocked by Kaspersky globally. The compromise of software on secure USB drives is unusual, but it underscores the fact that protected local digital spaces can be compromised by sophisticated schemes. Cybercriminals constantly update their toolsets and expand the scope of their activities, broadening their targets, both in terms of the spheres targeted, and geographically. We also see more open source tools employed by APT threat actors,” comments David Emm, principal security researcher at Kaspersky.
To read the full APT Q3 2024 trends report, please visit Securelist.
Advanced persistent threats (APTs) are continuous, clandestine, and sophisticated hacking techniques used to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences. APTs are usually leveled at high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply “dipping in” and leaving quickly, as many black-hat attackers do during lower-level cyber assaults.
To avoid falling victim to a targeted attack, Kaspersky researchers recommend individuals and organizations:
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
• Implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.
• Use centralized and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets;
• Introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with phishing or other social engineering techniques.
• Update OS and software as soon as possible and do so regularly.

Related Posts

MPC decides to keep key policy rates unchanged; extends inflation target horizons 

Silicon Waha Concludes a Successful First Edition of “Waha Connect” Event at New Assiut Technology Park with more than 220 participants

Huawei Concludes HUAWEI Service Open Day with Exciting Service Giving Season Offers Until December 31st

Tabarak Holding Achieves Record 100% Growth in 2024 and Targets Regional Expansions in 2025

AD Ports Group Completes Restructuring of Noatum Group Assets

Reflecting on a Year of Community Spirit and Sustainability with Keolis MHI’s CSR Journey in 2024

Central Bank of Egypt Organizes a Seminar on “Effective Supervision: Building Supervisory Frameworks and Risk Management” with 110 Participants from African Central Banks

Maqam Misr introduces its third project in New Capital and prepares to announce its fourth in early 2025

آخر الأخبار
موقف نقابة المهن الموسيقية في واقعة القبض على حمو بيكا المصرية للاتصالات تنعى والدة النائب أحمد بدوي MPC decides to keep key policy rates unchanged; extends inflation target horizons  اختتام فعاليات الموسم الثاني من Oncolympics لدعم التعليم الطبي المستمر لأطباء الأورام في المستشفيات ... البنك المركزي المصري يثبت أسعار الفائدة للمرة السادسة على التوالي وزير الاتصالات يشهد حفل تخرج الدفعة الأولى من المبادرة الوطنية "قادة مصر الرقمية" الهيئة القومية للبريد تنعي النائب أحمد بدوي رئيس لجنة اتصالات النواب في وفاة والدته عضو اتحاد الغرف السياحية يكشف نسب الاشغالات الفندقية في احتفالات ر أس السنة محافظ بورسعيد يسلم 40 جهاز كهربائى لعدد 10 عرائس من أبناء المحافظة بالتعاون مع مؤسسة العربى Silicon Waha Concludes a Successful First Edition of “Waha Connect” Event at New Assiut Technology P... واحات السيليكون تختتم النسخة الأولى من “واحة كونكت” في المنطقة التكنولوجية بأسيوط الجديدة مدبولي يُوجه بالتوسع في نموذج "سوق اليوم الواحد" وتنظيمه على يومين وزير الإسكان يتفقد أعمال الطرق بمنطقة أحياء بيت الوطن بالامتداد الشرقي لمدينة القاهرة الجديدة التعليم تعلن فتح باب التقديم للمدارس المصرية اليابانية للعام الدراسي 2025/2026 مصر تدين اقتحام وزير الأمن القومي الإسرائيلي المسجد الأقصى المبارك EdVentures تضخ استثمارات بـ 6 أرقام وتضم شركتين ناشئتين لمحفظتها عبر برنامجها الجديد EDVS تاكسي دبي تطلق استراتيجيتها 2025-2029 مجموعة "روشن" تضع حجر الأساس لمجتمع "المنار" لتطلق حقبة جديدة في مسيرة التطوير العمراني بمكة المكرمة "التجاري الدولي" ينجح في إتمام ثاني عملية توريق لشركة وان فاينانس بقيمة 679 مليون جنيه رئيسا الأعلى للإعلام والمتحدة للخدمات الإعلامية يناقشان سبل الارتقاء بالإعلام المصري