New tools, open source threats and hacktivism: Kaspersky reveals key trends for the current APT landscape

In the second quarter of 2024, Kaspersky’s Global Research and Analysis Team (GReAT) observed notable changes in the activities of cyber threat actors. Some maintained their usual patterns, while others significantly updated their tools and broadened their activities.

Kaspersky’s telemetry data revealed a surge in sophisticated cyberespionage campaigns, particularly targeting government, military, telecommunications, and judicial sectors.

Here are some key highlights from the latest Advanced Persistent Threats (APT) trend report

One key development was the exploitation of open-source threats, including the backdooring of XZ, a compression utility used in Linux distributions. Attackers employed social engineering to gain persistent access to the development environment, concealing their activities through anti-replay features and custom steganography. These tactics kept the threat undetected for years.

Hacktivism also played a significant role, with groups like Homeland Justice launching damaging attacks. In Albania, they exfiltrated over 100TB of data and wiped database servers, severely disrupting the targeted organizations.

Additionally, attackers have updated their toolsets. The GOFFEE group transitioned from older tools like Owawa and VisualTaskel to new methods, including a loader disguised as a legitimate document. Their campaigns continue to evolve, enhancing their infiltration tactics.

APT campaigns impacted all regions globally, highlighting the widespread reach of these threats across Europe, the Americas, Asia, the Middle East, and Africa.

“APTs continuously evolve, adapting their tactics and expanding their reach, making them a relentless force in the cyber landscape. To combat these ever-changing threats, it’s crucial that the cyber-community unites, sharing information and collaborating across borders.

Only through collective vigilance and open communication can we stay one step ahead and safeguard our digital world,” comments David Emm, Principal Security Researcher at Kaspersky’s GReAT.

More exclusive research on the most complex threats will be unveiled at upcoming Security Analyst Summit (SAS) set to take place for the sixteenth time from October 22-25, 2024, in Bali.
To learn more about APT threat landscape in Q2 2024, visit Securelist.com.

Kaspersky’s GReAT actively share their latest findings and exclusive insights through the Kaspersky Threat Intelligence Portal (TIP).