Cyberspying groups are carrying out cyberespionage in Southeast Asia, online security firm Kaspersky says. — Photo courtesy of the company
Major advanced persistent threat (APT) groups have increased their activity and are waging sophisticated cyberespionage in the Southeast Asia region, according to cyber-security company Kaspersky.
APTs are complex, multi-component attacks: penetration tools, network propagation mechanisms, spyware, concealment tools such as rootkits and bootkits, and other often sophisticated techniques, all designed to gain and keep undetected access to sensitive information.
In its 2019 APT report, the company said 2019 was a busy year for these threat actors, who deployed new attack tools, including mobile malware used for surveillance, in pursuit of their goal of stealing information from government and military entities and organisations across the region.
Vitaly Kamluk, director of the global research and analysis team (GReAT) Asia Pacific at Kaspersky, said: “Geopolitics is one of the main factors that shape the cyber threat landscape in Southeast Asia. A number of our investigations into APT attacks targeting the region last year showed the main attack motivation was economic and geopolitical intelligence gathering. Inevitably the main victims are mostly government organisations, diplomatic entities and political parties.”
The main APT groups which targeted Southeast Asian countries in 2019 and 2020 were FunnyDream, Platinum, Cycldek, HoneyMyte, Finspy, PhantomLance, and Zebrocy.
Platinum, for instance, is one of the most technologically advanced APT actors with a traditional focus on the Asia Pacific region.
In 2019, Kaspersky researchers discovered Platinum using a new backdoor, dubbed Titanium after the password protecting one of its self-extracting archives.
Titanium is the final result of a multi-stage chain of droppers, downloaders and installers. At every step the malware hides by mimicking common software, such as security tools, sound drivers and DVD video authoring tools.
Diplomatic and government entities in Indonesia, Malaysia and Viet Nam were identified among its victims.
Cycldek, a Chinese-speaking actor also known as Goblin Panda, is infamous for information theft and espionage across the government, defence and energy sectors in the region, using PlugX and HttpTunnel malware variants. Its target countries include Laos, the Philippines, Thailand, and Viet Nam.
Yeo Siang Tiong, general manager for Southeast Asia, Kaspersky, said: “Our findings about the threat landscape in Southeast Asia last year revealed a growing need for both public and private institutions to beef up their cybersecurity capabilities.
“These various groups, with covert infiltration schemes and attack methods and waging espionage campaigns in the region, show that security has to go beyond the usual anti-virus and firewall solutions.”
Kaspersky is currently monitoring over 100 APT groups and operations globally, regardless of their origin, he said. — VNS