New Cybersecurity Threat ‘Mysterious Elephant’ Emerges in Asia-Pacific Region
In the second quarter of 2023 [1] [3], a new cybersecurity threat known as Mysterious Elephant emerged in the Asia-Pacific region [3]. This threat actor [1] [2] [3] [4] [5], belonging to the Elephants family [2], exhibits unique tactics [1], techniques [1] [2] [3] [4] [5], and procedures (TTPs) that distinguish them from other groups [2] [4].
Description
Mysterious Elephant’s latest campaign involved the use of new backdoor families to execute files and commands on victims’ computers and communicate with a malicious server. While there are some similarities with other threat actors like Confucius and SideWinder [1] [3], Mysterious Elephant has its own distinct set of TTPs [5].
Additionally, Kaspersky researchers have identified a campaign called “Operation Triangulation” that utilized a previously unknown iOS malware platform distributed through zero-click iMessage exploits. Notorious hacking group Lazarus has also made updates to its MATA framework and introduced a new variant of the MATA malware family [3], MATAv5 [1] [3] [4]. Another subgroup of Lazarus [1], BlueNoroff [1] [4], has focused on financial attacks and adopted new delivery methods and programming languages [1].
Geopolitical influences continue to drive APT activity [1] [4], resulting in campaigns dispersed across various regions [1]. To combat these evolving threats, Kaspersky researchers recommend timely updates of operating systems and software [1], specialized training for cybersecurity teams [1], and the use of threat intelligence information and Endpoint Detection and Response (EDR) solutions to minimize the impact of high-profile attacks [1].
Conclusion
Lazarus [1] [3] [4], a well-known threat actor [2] [4] [5], has updated its MATA framework and introduced MATAv5 [1] [3] [4], a new variant of the sophisticated MATA malware family [4]. BlueNoroff [1] [4], a Lazarus subgroup specializing in financial attacks [4], has adopted new distribution methods and programming languages [1] [4]. ScarCruft [4], another APT group [4], has developed new infection methods that bypass the Mark-of-the-Web (MOTW) security mechanism [4]. The evolving APT activities of these actors pose new challenges for cybersecurity professionals [4].
Geopolitical pressures continue to drive APT activity [1] [4], with attackers focusing their attacks on regions such as Europe [4], Latin America [4], the Middle East [4], and various parts of Asia [4]. Cyber espionage [4], with significant geopolitical implications [4], remains a dominant activity [4]. To address these challenges, it is crucial to prioritize timely updates, provide specialized training [1], and leverage threat intelligence and EDR solutions to minimize the impact of high-profile attacks.
References
[1] https://www.infosecurity-magazine.com/news/apt-mysterious-elephant-q2-2023/
[2] https://www.kaspersky.com/about/press-releases/2023_kaspersky-unveils-latest-apt-trends-for-q2
[3] https://pfete.com/index.php/2023/07/28/apt-mysterious-elephant-emerges-in-q2-2023-kaspersky-reports/
[4] https://www.bitmat.it/sicurezza/attivita-apt-nel-q2-2023-tra-novita-e-vecchie-conoscenze/
[5] https://www.ilgiornaleditalia.it/news/comunicati/516638/kaspersky-svela-le-ultime-tendenze-apt-del-secondo-trimestre.html