Sergey Nivens -

APAC plagued by APT, ransomware attacks

The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020

Asia-Pacific (APAC) was a primary target of advanced persistent threat (APT) groups between June 2019 and June 2020, new research by Group-IB has found.

According to the cyber security firm’s latest cyber threat report, a total of 34 campaigns were carried out in the APAC region during the review period, with APT groups from China, North Korea, Iran and Pakistan being the most active. 

Overall, the majority of state-sponsored threat actors active globally over the review period originated from China (23), which is followed by Iran (eight APT groups), North Korea and Russia (four APT groups each), India (three), and Pakistan and Gaza (two each). South Korea, Turkey and Vietnam are reported to have one APT group each.

Group-IB’s researchers had also detected seven previously unknown APT groups, namely Iran’s Tortoiseshell, China’s Poison Carp, South Korea’s Higaisa, China’s Avivore, Saudi Arabia’s Nuo Chong Lions, as well as Chimera WildPressure, whose geographical affiliation remains unknown.

At least three of the groups – Poison Carp, Higaisa and Chimera – operate in the APAC region. In addition, six known groups that remained unnoticed in recent years resumed their operations.

The APAC region continues to be a hotspot for ransomware attacks, accounting for about 7% of the total number of reported ransomware incidents. The most frequently attacked countries in the region were India and China, according to Group-IB.

The Maze and Revil ransomware were the most prolific. Operators of these two strains were believed to conducted more than 50% of all successful ransomware attacks. Ryuk, NetWalker and DoppelPaymer formed the second tier.

Read more about cyber security in APAC

Group-IB said the “ransomware pandemic” was triggered by the active efforts to bringing together ransomware operators and cyber criminals involved in compromising corporate networks.

Among the main ways to gain access to corporate networks were brute-force attacks on remote access interfaces such as virtual private networks, the use of malware (for example, downloaders) or new types of botnets, with the latter being used for distributed brute-force attacks from a large number of infected devices, including servers.

In APAC, the majority of companies whose access to corporate networks was put up for sale on underground forums this year were from China (2.2%), Australia (1.9%) and India (1.1%). In 2019, the top three were represented by the same countries, though with different shares: Australia (4.6%), India (3.8%) and China (1.5%).

Read more on Hackers and cybercrime prevention

Data Center
Data Management