Kaspersky has released a comprehensive report on Asian Advanced Persistent Threat (APT) groups. The report provides threat-intelligence data that defenders can use to counter these groups' activities and stresses the importance of being prepared for them.


The report covers several aspects of Asian APT activity. It includes detailed information on a Lazarus campaign that targets security company products and on its connections to other campaigns [2]. It also discusses the Operation Triangulation campaign, which targets iPhones and iPads, as well as a modular framework used by mining malware [2]. The report emphasises the techniques these groups have in common and describes specific incidents involving them across different regions and industries [2]. It then goes into the technical details of those techniques, with examples and approaches for detecting them [2], and analyses the attackers' actions against the Unified Kill Chain model [2]. A key finding is that Asian APTs show no regional bias in their target selection and apply consistent tactics worldwide [1]. These attackers are skilled at combining techniques to escalate privileges and evade detection [1]. Their primary goal is cyber-espionage: gathering sensitive information and exfiltrating it to legitimate cloud services or other external channels [1], although in some cases these groups have also carried out ransomware attacks. The industries most frequently targeted include government, industrial, healthcare, IT, agriculture and energy [1] [2] [3]. Finally, the report notes that Kaspersky has written specific SIGMA rules based on its analysis of these attackers' tactics, techniques and procedures (TTPs) [1] [2] [3].


The report is a useful resource for understanding and countering Asian APT groups. It highlights the need for preparedness and gives insight into the groups' techniques and tactics; organisations that understand these methods can better protect themselves and mitigate the risk these groups pose. The report also underlines the value of ongoing analysis and of writing specific detection rules to catch and prevent future attacks. Overall, it has significant implications for the security community and provides a foundation for further research into, and defence against, Asian APT groups.


[1] https://www.infosecurity-magazine.com/news/signature-techniques-of-asian-apt/
[2] https://ciso2ciso.com/modern-asian-apt-groups-tactics-techniques-and-procedures-ttps-source-securelist-com/
[3] https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-modern-asian-apt-groups-signature-techniques