APT trends Report Q3 2024

Threat Actor/Family: Unknown, possibly linked to OceanLotus (APT32) but not conclusively attributed.
Framework Name: P8 framework
Victims: Primarily from Vietnam, especially in the financial and real estate sectors.
Initial Infection Vectors: Likely spear-phishing emails, use of an obsolete Kaspersky Removal Tool, SMB, and printer driver vulnerabilities.
Tools Used: P8 framework (loader + multiple plugins), Spectral Viper (OceanLotus), C2Implant.
Plugins/Modules: 12 plugins identified, with functions for lateral movement, exfiltration, file management, credential stealing, screenshots, and custom loading.
Persistence Mechanisms: Initial infections depended on commands from the C2; later iterations included new persistence mechanisms.
Changes in Attacks: Tactics, techniques, and procedures (TTPs) evolved over time, including changes in persistence and loading mechanisms.
Victimology Update: Financial institutions in Vietnam, plus one victim in the manufacturing industry.
Targeted Technology: Secure USB drives used by a Southeast Asian government entity; compromised access management software.
Malware Found on USB: Trojanized access management software designed to steal files and spread the infection to other USB drives.
Related Threat Actor: TetrisPhantom (attacks via Trojanized UTetris software).
New Attacks Detected: Malicious code injected into secure USB drives found in 2024, targeting sensitive file transfer systems.
Differences with TetrisPhantom: Despite similarities in tactics, the code used in the recent USB drive attacks differs from the previous UTetris-based attacks.

Read full article: https://securelist.com/apt-report-q3-2024/114623/

Disclaimer: The above summary has been generated by an AI language model

Source: Securelist by Kaspersky

Published on: November 28, 2024
