Asia-Pacific (APAC) was a primary target of advanced persistent threat (APT) groups between June 2019 and June 2020, new research by Group-IB has found.
According to the cyber security firm’s latest cyber threat report, a total of 34 campaigns were carried out in the APAC region during the review period, with APT groups from China, North Korea, Iran and Pakistan being the most active.
Overall, the majority of state-sponsored threat actors active globally over the review period originated from China (23), followed by Iran (eight APT groups), North Korea and Russia (four APT groups each), India (three), and Pakistan and Gaza (two each). South Korea, Turkey and Vietnam are reported to have one APT group each.
Group-IB’s researchers also detected seven previously unknown APT groups, namely Iran’s Tortoiseshell, China’s Poison Carp, South Korea’s Higaisa, China’s Avivore, Saudi Arabia’s Nuo Chong Lions, as well as Chimera and WildPressure, whose geographical affiliation remains unknown.
At least three of the groups – Poison Carp, Higaisa and Chimera – operate in the APAC region. In addition, six known groups that remained unnoticed in recent years resumed their operations.
The APAC region continues to be a hotspot for ransomware attacks, accounting for about 7% of the total number of reported ransomware incidents. The most frequently attacked countries in the region were India and China, according to Group-IB.
The Maze and REvil ransomware were the most prolific. Operators of these two strains were believed to have conducted more than 50% of all successful ransomware attacks. Ryuk, NetWalker and DoppelPaymer formed the second tier.
Group-IB said the “ransomware pandemic” was triggered by active efforts to bring together ransomware operators and cyber criminals involved in compromising corporate networks.
Among the main ways to gain access to corporate networks were brute-force attacks on remote access interfaces such as virtual private networks, the use of malware (for example, downloaders) or new types of botnets, with the latter being used for distributed brute-force attacks from a large number of infected devices, including servers.
In APAC, the majority of companies whose access to corporate networks was put up for sale on underground forums this year were from China (2.2%), Australia (1.9%) and India (1.1%). In 2019, the top three were represented by the same countries, though with different shares: Australia (4.6%), India (3.8%) and China (1.5%).