APT Hides Among an Emerging Threat Land Grab

December 31, 2022

An APT, or Advanced Persistent Threat, is not a single piece of malware but a class of well-resourced adversaries, usually state-sponsored, that gain a foothold in a target network and stay there for months while pursuing espionage, sabotage or theft. Such groups operate against organizations around the world, and their range of tooling and tradecraft makes them a formidable threat. The sections below profile several named APT groups, what they target and how they operate, so that defenders know what to look for.

APT38

APT38 is a North Korean state-sponsored threat group responsible for a series of cyber heists that stole millions of dollars from banks around the world. The group has also been linked to the theft of millions of dollars from cryptocurrency exchanges.

APT38 is known for stealing money by injecting fraudulent transactions into the SWIFT interbank messaging system, and it has targeted financial institutions worldwide almost continuously. Its intrusions are characterized by long-term access followed by destructive actions against the victim network to hinder investigation: FireEye reported an average dwell time of 155 days on victim networks.

APT35

APT35 is a threat actor linked to the Iranian government that has been a major cyber threat for the past decade. Its activities range from opportunistic internet-based spying to long-term operations. It targets government and private organizations, including military, media and academic bodies, and typically goes after diplomatic personnel, U.S. government agencies, the energy, transport and telecom sectors, and engineering services firms.

APT35 has been responsible for numerous cyber attacks around the globe. Its main tools include malware loaders, backdoors, keyloggers, browser information stealers and Trojans, supplemented by commodity penetration-testing tools.

APT31

The Chinese state-sponsored cyber-espionage group APT31 has been observed hijacking home routers and using them as operational infrastructure. Researchers have also observed the group exfiltrating data from infected networks. The group has additionally been linked to the APT20 espionage campaign, which appears to be interested in monitoring political interests.

APT31 targets organizations across several sectors, primarily to obtain information of interest to the Chinese government.

The group has been detected using a variety of tools, including custom malware, downloaders, backdoors, network reconnaissance and exploitation tooling, and proxy meshes. The compromised routers form a botnet through which the operators relay their malicious traffic and carry stolen data out, so that activity does not come directly from infrastructure they own.

APT32

APT32 is a Vietnam-based threat group that conducts covert cyber espionage against a wide range of targets, from journalists and human-rights activists to large multinational corporations.

It targets private-sector, public-sector and government organizations in Southeast Asia, as well as in China. It uses a range of techniques, including signature malware payloads, custom tooling and commercially available tools. Its malware can gain a foothold on a host and inject itself into memory, which reduces the artifacts left on disk for file-based detection.

FireEye detected APT32 activity in 2015 and 2016, including malware attacks on Vietnamese media outlets. The Electronic Frontier Foundation also appeared to be a target of APT32's clandestine data-collection activity.

APT14

Among the growing land grab of emerging threats, one actor stands out for avoiding detection. The group known as APT14 has been targeting organizations in a variety of industries, with a focus on technology companies, satellite communications providers and telecommunications firms.

Malware referred to by security researchers as PowerPool uses PowerShell to perform lateral movement. The group also changes hosts' DNS configuration so that traffic is redirected to malicious applications disguised as legitimate sites. The attackers have used zero-day exploits in spear-phishing attacks against targeted individuals.
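The two behaviours just described, PowerShell-driven lateral movement and tampering with a host's DNS configuration, both leave traces in endpoint telemetry. The following is an added example (not code from the original post, and not tooling attributed to any of the groups above) of a small detector run over Sysmon-style events: it flags PowerShell remoting cmdlets aimed at another host, encoded PowerShell command lines, resolver changes to servers outside an allowlist, whether made through netsh or directly in the registry, and rewrites of the hosts file. The event shape, the host name WS-0412, the resolver allowlist APPROVED_DNS and every sample record are constructed for illustration.

```python
import re
from typing import Dict, List

# Assumed corporate resolvers for this example; a real deployment would take
# these from DHCP or Group Policy rather than a hard-coded set.
APPROVED_DNS = {"10.0.0.53", "10.0.1.53"}

# PowerShell cmdlets that execute on another host, followed by the target name.
LATERAL_PS = re.compile(
    r"\b(Invoke-Command|Enter-PSSession|New-PSSession|Invoke-CimMethod|Invoke-WmiMethod)\b"
    r".*?-(?:ComputerName|Cn)\s+([\w.\-]+)",
    re.IGNORECASE,
)
# -EncodedCommand and its short forms followed by a base64 blob.
ENCODED_PS = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)
# "netsh interface ip set dns ... static <ip>" style resolver changes.
NETSH_DNS = re.compile(r"\bnetsh\b.*\bset\s+dns\w*\b.*?(\d{1,3}(?:\.\d{1,3}){3})", re.IGNORECASE)
# Per-interface resolver value under the TCP/IP service key (Sysmon event 13 TargetObject).
DNS_REG_KEY = re.compile(r"\\Tcpip\\Parameters\\Interfaces\\[^\\]+\\NameServer$", re.IGNORECASE)
HOSTS_FILE = re.compile(r"\\drivers\\etc\\hosts$", re.IGNORECASE)


def unapproved_resolvers(value: str) -> List[str]:
    """Split a NameServer value ("a,b" or "a b") and keep entries not on the allowlist."""
    return [s for s in re.split(r"[\s,]+", value.strip()) if s and s not in APPROVED_DNS]


def analyse(ev: Dict) -> List[str]:
    """Return findings for one event. Event IDs follow Sysmon numbering:
    1 = process create, 11 = file create, 13 = registry value set.
    The field names are an assumption made for this example."""
    host = ev.get("Computer", "?")
    out: List[str] = []
    eid = ev.get("EventID")
    if eid == 1:
        image = ev.get("Image", "").lower()
        cmd = ev.get("CommandLine", "")
        if image.endswith(("powershell.exe", "pwsh.exe")):
            m = LATERAL_PS.search(cmd)
            if m:
                out.append(f"{host}: PowerShell remoting via {m.group(1)} to {m.group(2)}")
            if ENCODED_PS.search(cmd):
                out.append(f"{host}: encoded PowerShell command line")
        m = NETSH_DNS.search(cmd)
        if m and m.group(1) not in APPROVED_DNS:
            out.append(f"{host}: netsh set DNS to unapproved resolver {m.group(1)}")
    elif eid == 13 and DNS_REG_KEY.search(ev.get("TargetObject", "")):
        bad = unapproved_resolvers(ev.get("Details", ""))
        if bad:
            out.append(f"{host}: interface NameServer changed to unapproved {','.join(bad)}")
    elif eid == 11 and HOSTS_FILE.search(ev.get("TargetFilename", "")):
        out.append(f"{host}: hosts file rewritten by {ev.get('Image', '?')}")
    return out


def scan(events: List[Dict]) -> List[str]:
    """Run analyse() over a batch of events and collect every finding."""
    findings: List[str] = []
    for ev in events:
        findings.extend(analyse(ev))
    return findings


# Constructed sample telemetry: one benign PowerShell run, one encoded command,
# one remoting call, two registry resolver changes (one bad, one allowed),
# a netsh resolver change and a hosts-file rewrite by an odd binary.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
IFACE_KEY = r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4D36E972-E325}\NameServer"
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "Computer": "WS-0412", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"EventID": 1, "Computer": "WS-0412", "Image": PS,
     "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAA"},
    {"EventID": 1, "Computer": "WS-0412", "Image": PS,
     "CommandLine": "powershell.exe Invoke-Command -ComputerName FILESRV01 -ScriptBlock { whoami }"},
    {"EventID": 13, "Computer": "WS-0412", "TargetObject": IFACE_KEY, "Details": "198.51.100.7"},
    {"EventID": 13, "Computer": "WS-0412", "TargetObject": IFACE_KEY, "Details": "10.0.0.53,10.0.1.53"},
    {"EventID": 1, "Computer": "WS-0412", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh interface ip set dns name="Ethernet" static 198.51.100.7'},
    {"EventID": 11, "Computer": "WS-0412", "Image": r"C:\Users\Public\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The resolver allowlist is the part that does the real work: a DNS change is only meaningful against a known-good baseline, so the same logic feeds well from a SIEM query that joins Sysmon event 13 on the Tcpip Interfaces key against your DHCP-issued resolver list.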


Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.
