APT trends report Q2 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.


This is our latest installment, focusing on activities that we observed during Q2 2022.


Readers who would like to learn more about our intelligence reports, or to request more information on a specific report, are encouraged to contact [email protected].


The most remarkable findings


On January 24, a hash for a sophisticated piece of Solaris SPARC malware was posted on Twitter. The complex, modular cyber-espionage platform rivals EquationDrug, Remsec, and Regin in complexity. We identified a Windows variant of this sample that uses the same string encryption algorithm, internal modules, and functionality. The implant is a complex framework internally called SBZ. It supports multiple exfiltration methods and a complicated networking infrastructure, including its own addressing, redirection, and routing. SBZ probably refers to STRAITBIZZARE, a cyber-espionage platform used by the Equation Group. It is also interesting to note the overlap between the Interface IDs used by the DanderSpritz samples in the ShadowBrokers’ “Lost in Translation” dump and the Interface IDs we were able to correlate in this framework. Our two private reports provided technical information on the Windows and SPARC variants respectively.


In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagge ..
