Kaspersky Report Reveals Modern Engineering from Asia's APT Group

JAKARTA - Kaspersky's Cyber Threat Intelligence team has published a study on the tactics, techniques, and procedures (TTPs) of Asian APT (advanced persistent threat) groups, which analyzes around one hundred incidents that occurred in various regions around the world, starting in 2022.

Then, the experts selected five specific incidents that occurred in Russia and Belarus, Indonesia, Malaysia, Argentina, and Pakistan, each of which was considered to represent the geographically dispersed nature of the attacks.

The research reveals that Asian APT groups do not show regional bias in target selection. Victims are spread across the globe, creating a challenge for anyone trying to identify which regions are most frequently targeted.

“This means the attackers used consistent tactics across the globe, demonstrating their ability to use uniform weaponry against a wide range of victims,” Kaspersky said in its report.

The report also states that the main characteristic of these attackers is their proficiency in combining techniques. They used 'Create or Modify System Process: Windows Service' (T1543.003), which allowed them to elevate privileges.

They also used 'Hijack Execution Flow: DLL Side-Loading' (T1574.002), a technique commonly used to avoid detection. This strategic combination appears to be typical of cyber groups in Asia.

Most importantly, Kaspersky found these Asian groups' primary focus was cyber espionage, as evidenced by their efforts to collect sensitive information and funnel it to legitimate cloud services or external channels.

The most frequently targeted sectors include government, industry, health, and technology.