Kaspersky Finds New Attack Scheme Using Cloud Services

JAKARTA - Kaspersky discovered a new campaign targeting industrial organizations in the Asia-Pacific region, where attackers use legitimate cloud services to manage malware and evade detection.

The attack was carried out using the legitimate Chinese content delivery network (CDN) myqcloud and the Youdao Cloud Notes service. While undetected, attackers can spread malware through the networks of victim organizations, install remote administration tools, manipulate devices, and steal and delete confidential information.

The campaign targets government agencies and industrial organizations in several countries and territories in the Asia Pacific region, including Taiwan, Malaysia, China, Japan, Thailand, Hong Kong, South Korea, Singapore, the Philippines, and Vietnam.

In this scheme, the attackers send victims an archive containing malware, disguised as a tax-related document, in a phishing campaign conducted via email and messengers (WeChat and Telegram).

Kaspersky named this campaign SalmonSlalom because the attackers challenged cyber defenses like a salmon navigating a waterfall while swimming upstream, losing strength while maneuvering between sharp rocks.

"This special campaign serves as a warning to various industrial organizations in the Asia Pacific region, reminding them of threat players who show the ability to gain long-distance access to operational technology systems," said Evgeny Goncharov, Head of Kaspersky ICS CERT.

Kaspersky also advises these organizations to strengthen their security measures and to respond proactively in order to protect their assets and data from increasingly active cybercriminals.