Kaspersky Finds APT Campaign Targeting Asia Pacific Government Entity
JAKARTA - Kaspersky researchers discovered a sustained campaign that infiltrates certain types of USB drives, which are used to provide encrypted, secure data storage.
Dubbed 'TetrisPhantom', this espionage effort targets government entities in the Asia-Pacific region (APAC), and shows no overlap with any known threat actors.
"Our investigation revealed the existence of high-level sophistication, including virtualization-based software hacking, low-level communications with USB drives using direct SCSI orders, and independent replication via connected secure USB," said Noushin Shabab, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).
In early 2023, Kaspersky's Global Research and Analysis Team uncovered this espionage campaign, in which attackers secretly spy on and retrieve sensitive data from Asia Pacific government entities by exploiting certain types of secure USB drives. These drives are protected by hardware encryption to ensure that data is stored and transferred safely between computer systems.
These secure USB drives are used by government organizations around the world, which means more entities could become victims of similar techniques.
The campaign consists of various malicious modules, which allow the attackers to execute commands, collect files and information from compromised machines, and transfer them to other machines using the same or different USB drives as carriers.
"This operation was carried out by very skilled and resourceful cybercriminals, driven by interest in espionage activities in sensitive and protected government networks," added Shabab.
Kaspersky researchers have stated that the campaign is still ongoing. Experts are continuing to track its progress and expect to see more sophisticated attacks in the future.