A series of attacks against Southeast Asian gambling companies known as Operation ChattyGoblin has been ongoing since October 2021, according to Slovak cybersecurity firm ESET.
The company has traced the campaign to a China-aligned threat actor targeting victim companies’ support agents using chat applications such as Comm100 and LiveHelp100. ESET’s APT Activity Report Q4 2022–Q1 2023 has also highlighted attacks against government institutions in South Asia by India-linked threat actors Donot Team and SideWinder.
An unnamed Indian data management services provider was also attacked by the North Korea-backed Lazarus Group, while Russian APT groups such as Gamaredon, Sandworm, Sednit, The Dukes, and SaintBear were detected employing updated versions of malware frameworks such as Elephant.
Kaspersky’s APT trends report for Q1 2023 revealed that a new threat actor called Trila had targeted Lebanese government entities using “homebrewed malware that enables them to remotely execute Windows system commands on infected machines”.
The report also highlighted a new Lua-based malware strain known as DreamLand that targeted a government entity in Pakistan. Kaspersky researchers explained that the malware was modular and utilised the Lua scripting language in conjunction with its Just-in-Time (JIT) compiler to execute malicious code that was difficult to detect.
Microsoft recently attributed Storm-0133, an emerging threat cluster affiliated with Iran’s Ministry of Intelligence and Security, to attacks exclusively targeting Israeli local government agencies and companies serving the defence, lodging, and healthcare sectors. ESET also identified the Iranian threat actor referred to as OilRig deploying a custom implant called Mango to an Israeli healthcare company.
Meanwhile, an Indian APT group called Confucius, active since at least 2013 and believed to share ties with the Patchwork group, used Pegasus-themed lures and other decoy documents to target Pakistani government agencies.
