JAKARTA - Asia Pacific has always been a region targeted by cybercriminals, as its geopolitical landscape is tense and its digital development is rapid.
Lead Security Researcher at Kaspersky Global Research and Analysis Team (GReAT), Noushin Shabab, revealed the key cyber espionage groups that persistently hunt for state secrets, military intelligence, and other information from governments across the region.
According to Kaspersky, the main groups active in Asia Pacific from 2024 to date include:
The SideWinder APT group targets governments, military and diplomatic entities in the region with spear phishing and advanced attack platforms.
It has a strong interest in the maritime sector (Bangladesh, Cambodia, and Vietnam) and logistics (China, India, and Maldives). It also shows an increased focus on nuclear power plants and energy facilities throughout South Asia.
Sri Lanka, Nepal, Myanmar, Indonesia, and the Philippines are also on SideWinder's target list.
Spring Dragon, also known as Lotus Blossom, has a special interest in Vietnam, Taiwan and the Philippines. The threat actor uses spear phishing, exploitation, and watering hole attacks to infiltrate victims' machines, and targets government entities in Southeast Asia.
Tetris Phantom was discovered in 2023. This APT group first deployed highly sophisticated malware targeting a type of secure USB drive.
HoneyMyte is an APT group known for aiming to steal sensitive political and strategic information from government and diplomatic entities in Southeast Asia, especially Myanmar and the Philippines.
This threat actor is now using the ToneShell malware, which has been spread through several loaders in various campaigns from 2024 to 2025.
ToddyCat has been targeting high-profile victims in Malaysia since 2020. Technically, this group has developed malicious tools based on publicly available code to bypass legitimate security software and avoid detection.
Lazarus, a group known for the "Bangladesh Bank robbery", is a state-sponsored threat actor that continues to be one of the main APTs in the region, running campaigns with both espionage and financial motives.
Kaspersky first observed Mysterious Elephant in May 2023. The group deployed a new backdoor family capable of executing commands and handling files covertly.