Security researchers observed a noticeable spurt in the activities of advanced persistent threat (APT) groups based in certain parts of Asia and in the Middle East during the first three months of the year.
In its latest quarterly threat intelligence summary, security firm Kaspersky Lab reports the emergence of new groups of cyber-criminals based in Asia and in the Middle East who are also leveraging new techniques to launch attacks on targeted organisations.
These groups included some Chinese-speaking hackers who targeted government entities mainly in Malaysia and Taiwan, while also increasing their focus on targeted organisations based in the Philippines, Russia, and Mongolia. A couple of well-known examples of such groups were CardinalLizard and ShaggyPanther.
Kaspersky Lab researchers also observed several hacking operations carried out by such groups that were driven not by financial but by political interests. For example, a Chinese-speaking hacker group named IronHusky APT, which used to exclusively target Russian military entities, suddenly shifted its attention to Mongolia and started targeting Mongolian government entities just before the Mongolian government's meeting with the International Monetary Fund.
At the same time, the Kimsuky APT, which is allegedly composed of North Korean hackers, renewed its cyber-offensive on South Korean think tanks and political parties in the first three months of the year with a completely new framework designed for cyber-espionage and used in a spear-phishing campaign.
"From January to March, the most common and accessible malware tools were used by a number of new threat groups, which varied in sophistication. During this time, no significant activity was observed from some well-known actors. This activity points us to the possibility that these threat groups are regrouping and reconsidering their strategies for attacks to come," said David Emm, principal security researcher at Kaspersky Lab.
The researchers also observed the mushrooming of several new threat actors in the Middle East, the most prominent of which were the StrongPity APT, which launched several man-in-the-middle attacks on prominent ISPs, and the Desert Falcons, which launched malware attacks on Android devices.
Security researcher Chris Doman from AlienVault told SC Magazine UK that even though organisations based in Asia have been hot targets for hackers for several years, the recent rise in targeted attacks coincides with a small drop in such attacks on the West.
He added that both North Korean and Chinese hackers have recently moved from primarily espionage-based attacks to additionally executing financially motivated attacks, such as crypto-currency mining. When asked if such hacker groups are funded by their governments, he said that while it is certainly the case with North Korea, it is not so as far as Chinese hacker groups are concerned.
"It's difficult to imagine hackers from North Korea not being directed in some form by the state, even though many now operate outside of the country itself. In the case of Chinese attackers, it may be that they are trying to supplement income that they used to receive from the state but no longer do," he said.
The use of new techniques by Chinese hackers to target individuals and organisations in the West was also observed by security experts in the recent past. For instance, in August last year, researchers at Proofpoint spotted a Chinese advanced persistent threat (APT) group carrying out phishing attacks, luring people to download leaked Game of Thrones episodes and thereby downloading remote access trojans onto victims' systems.