The Kaspersky Cyber Threat Intelligence team has released a comprehensive 370-page report titled “Modern Asian APT groups: Tactics, Techniques and Procedures,” shedding light on the strategies employed by Asian Advanced Persistent Threat (APT) groups.
Drawing from the analysis of approximately one hundred cybersecurity incidents that occurred globally in 2022, the report offers crucial insights into the tactics used by APT groups at different stages of the cyber-attack process.
Furthermore, an essential finding of the research is that Asian APTs display no regional bias in target selection, showcasing their ability to consistently employ tactics worldwide. These attackers skillfully combine techniques, particularly the “Create or Modify System Process” and “Hijack Execution Flow,” enabling them to escalate privileges and avoid detection.
Additionally, the primary focus of Asian APT groups is cyber-espionage, emphasizing the gathering of sensitive information funneled to legitimate cloud services or external channels. Despite this emphasis, the report notes occasional deviations from the pattern, such as instances where these groups employ ransomware in their attacks. The industries most frequently targeted by these APT groups include government, industrial, healthcare, IT, agriculture, and energy sectors.
At the same time, Kaspersky emphasizes the importance of knowledge in enhancing cybersecurity resilience and encourages the entire cybersecurity community to engage in a knowledge-sharing mission for a more secure digital landscape. Nikita Nazarov, the head of threat exploration at Kaspersky, highlights the report’s goal of empowering security specialists with the necessary insights to stay ahead of potential threats.