APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.


This is our latest installment, focusing on activities that we observed during Q3 2023.


Readers who would like to learn more about our intelligence reports or request more information on a specific report are encouraged to contact [email protected].


The most remarkable findings


In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of secure USB drive that provides hardware encryption. Such secure USB drives are used by the government organisations of the country to securely store and physically transfer data between computer systems. The USB drive contains a protected partition, which can only be accessed via custom software bundled on an unencrypted part of the USB and a passphrase known to the user.


Further investigation revealed a long-running campaign consisting of various malicious modules, used to execute commands, collect files and information from compromised machines, and pass them on to further machines using the same or other secure USB drives as a carrier. The modules are also capable of executing other malicious files on the infected systems.


The attack comprises sophisticated tools and techniques, including virtualization-based software obfuscation for malware components, low-level communication with the USB drive using direct SCSI commands, self-replication through connected ..
