Advanced persistent threat (APT) groups diversified their cyberattack methods in the second quarter of 2020, according to a threat intelligence trends report from Russian cybersecurity software provider Kaspersky.
Key findings from Kaspersky's report included:
- Lazarus Launches Ransomware Attacks: The Lazarus APT group began using the MATA multi-platform framework to distribute malware and initiate ransomware attacks.
- Cactus Pete Leverages ShadowPad: Chinese-speaking threat actor Cactus Pete used the ShadowPad modular attack platform to launch cyberattacks.
- MuddyWater Uses a New C++ Toolchain: The MuddyWater APT utilized a new C++ toolchain in cyberattacks; during these attacks, APT groups leveraged the Secure Socket Funneling open-source utility for lateral movement.
- APT Groups Use HoneyMyte to Attack a Southeast Asian Government: APT groups used the HoneyMyte APT to launch a watering hole attack on the website of a Southeast Asian government; the attack was set up in March and may have used a combination of whitelisting and social engineering techniques to infect its targets.
- New OceanLotus Variants Discovered: New variants of OceanLotus, a multi-stage loader, were found that leveraged usernames, hostnames and other target-specific information to attack specific victims.
Along with the aforementioned report findings, APT groups continued to exploit the coronavirus (COVID-19) pandemic to lure potential victims in 2Q20, Kaspersky indicated. In addition, APT groups exploited Hades, MagicScroll and other software vulnerabilities during their cyberattacks.
Kaspersky previously discovered that mobile malware infections and distribution rose in 1Q20. It also indicated that APT groups are becoming increasingly interested in using mobile platforms during malware attacks.