APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports
A new malicious actor known as “Mysterious Elephant” operating in the Asia-Pacific region has emerged in the threat landscape in the second quarter of 2023.

According to a new report by cybersecurity firm Kaspersky, Mysterious Elephant exhibits a combination of new backdoor families and distinct tactics, techniques and procedures (TTPs) that set it apart from other groups, while also sharing similarities with threat actors such as Confucius and SideWinder (users of earlier versions of the Rover backdoor).

Additionally, the report sheds light on more information related to the long-running “Operation Triangulation” campaign, which utilized a previously unknown iOS malware platform distributed through zero-click iMessage exploits.


The research document also shows that Lazarus, a notorious hacking group, has upgraded its MATA framework and introduced a new variant of the sophisticated MATA malware family, MATAv5, in Q2 2023. 

Another subgroup of Lazarus, BlueNoroff, focused on financial attacks and adopted new delivery methods and programming languages, including macOS malware and Rust programming.

At a higher level, Kaspersky said geopolitical influences continue to drive APT activity, with campaigns dispersed across regions like Europe, Latin America, the Middle East and various parts of Asia.

David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), emphasized the importance of staying vigilant and prepared against evolving threats.

“While some threat actors stick to familiar tactics like social engineering, others have evolved, refreshing their toolsets and expanding their activities. Moreover, new advanced actors, such as those conducting the ‘Operation Triangulation’ campaign, constantly emerge,” Emm explained.

Kaspersky researchers recommended several measures to protect against targeted attacks, including timely updates of operating systems and software and up-skilling cybersecurity teams with specialized training.

Kaspersky further advised organizations to use the latest threat intelligence and to implement Endpoint Detection and Response (EDR) solutions to counter high-profile attacks and minimize the impact of incidents.
