5G as bait: Why Hackers are preying on telecom in Southeast Asia

Positive Technologies reveals attack patterns on Asian companies.

Positive Technologies published a study of the activities of APT groups attacking organizations in Southeast Asian countries. The largest number of attacks was recorded in the Philippines and Vietnam. The top three most targeted industries in the region include government agencies, telecommunications companies, and the military-industrial complex.

According to the study, the Philippines (85%), Vietnam (85%), Thailand (70%), Malaysia (70%) and Indonesia (60%) have the highest number of attacks.

Southeast Asia is of considerable interest from the point of view of the global economy and geopolitics. The analysis covers the activities of 20 APT groups attacking the region from January 2020 to April 2024. The main targets of attacks are government organizations, telecommunications companies (60% of attacks) and the military-industrial complex (50% of attacks).

One of the reasons for frequent attacks on telecommunications companies is the rapid development of 5G technologies, which creates additional vulnerabilities. Positive Technologies analysts have found that most APT groups begin their attacks with phishing emails, often timed to coincide with events significant for the region, such as the ASEAN summits. Watering hole attacks are also used, in which websites host scripts that deliver malicious programs to users' computers.

Once inside the network, attackers explore the environment and identify the users of compromised nodes in order to escalate privileges and move laterally through the infrastructure. Most groups collect network configuration data, scan files and directories for useful information, and examine running processes to get an idea of which security tools are installed.

APT groups use both unique software of their own design and legitimate tools that are already available in the compromised system, which allows them to mask their actions. For example, 70% of groups use Cobalt Strike, a commercial penetration testing tool that is also actively used by intruders. Special versions of Cobalt Strike with sophisticated anti-detection mechanisms were used in attacks on organizations in the Philippines, Thailand, Malaysia, and Indonesia from September 2021 to June 2022.

To protect against complex targeted attacks, Positive Technologies recommends that organizations pay attention to IT asset inventory, incident monitoring and response, improving employee cyber literacy, and security assessment. A full list of the APT groups' tactics and techniques can be found in the study on the Positive Technologies website.
