Signature Techniques of Asian APT Groups Revealed
The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures (TTPs) employed by Asian Advanced Persistent Threat (APT) groups.
The 370-page report, Modern Asian APT groups: Tactics, Techniques and Procedures, published today, is based on an examination of around one hundred cybersecurity incidents that unfolded across different regions globally, commencing in 2022.
The report documents the TTPs used by APT groups at various stages of the cyber-attack process and offers essential recommendations to combat these threats.
One of the key findings of the research is that Asian APTs exhibit no regional bias in target selection, indicating their capability to employ consistent tactics worldwide.
These attackers are proficient in combining techniques, particularly the “Create or Modify System Process: Windows technique Service T1543.003” and “Hijack Execution Flow: DLL Side-Loading T1574.002,” allowing them to escalate privileges and evade detection.
The primary focus of these Asian APT groups is cyber-espionage, with a strong emphasis on gathering sensitive information and funneling it to legitimate cloud services or external channels. However, the report also highlights rare instances where these groups deviate from this pattern, such as by employing ransomware in their attacks.
The industries most frequently targeted by these APT groups include government, industrial, healthcare, IT, agriculture and energy sectors. Kaspersky said the analysis of the TTPs employed by these attackers has led to the creation of specific SIGMA rules.
Read more about similar attacks: Chinese APT ToddyCat Targets Asian Telecoms, Governments
“In the world of cybersecurity, knowledge is the key to resilience,” commented Nikita Nazarov, head of threat exploration at Kaspersky.
“Through this report, we aim to empower security specialists with the insights they need to stay ahead of the game and safeguard against potential threats. We urge the entire cybersecurity community to join us in this knowledge-sharing mission for a stronger and more secure digital landscape.”