A growing number of Advanced Persistent Threat (APT) groups are updating their toolsets to explore new attack vectors both in terms of location and target industry.
The findings come from Kaspersky’s latest APT Trends report for Q1 2023, which indicates that known threat actors such as Turla, MuddyWater, Winnti, Lazarus and ScarCruft regularly update their tools.
The report also mentions campaigns by newly discovered actors like Trila.
When it comes to programming languages used by these groups, Go, Rust, and Lua stand out.
Malicious campaigns by these actors are geographically dispersed.
Kaspersky writes:
MuddyWater is directly mentioned in reports as an actor who previously preferred to target organizations in the Middle East and North Africa, and has expanded its operations to Azerbaijan, Armenia, Malaysia, and Canada.
According to Kaspersky, the same broadening applies to the industries being targeted.
Most of the attacks targeting these entities are reportedly political.
“Geopolitics remains a major driver of APT development, and cyber espionage continues to be a key goal of APT campaigns.”
Commenting on the findings, David Emm, Principal Security Researcher at Kaspersky’s Global Research and Analysis Team (GReAT), said there are some clear trends emerging in the APT landscape.
“Having tracked the same APT actors for decades, it is clear that they are constantly evolving with new techniques and toolsets,” the executive explained.
“Organizations must be vigilant and have the threat intelligence and appropriate tools to defend against existing and emerging threats.”
A good example of these changing tactics was recently observed among Russian hackers, who have begun to focus on espionage in Ukraine.