An increasing number of advanced persistent threat (APT) groups have been updating their toolsets and exploring new attack vectors in terms of both locations and target industries.
The findings come from Kaspersky’s latest APT trends report for the first quarter of 2023. It suggests known threats such as Turla, MuddyWater, Winnti, Lazarus and ScarCruft have regularly updated their tools.
The report also mentions campaigns from newly discovered threat actors like Trila.
In terms of programming languages used by these groups, Go, Rust and Lua have been particularly prominent.
Malicious campaigns from these actors have been geographically dispersed.
“This quarter, we have seen actors focus their attacks on Europe, the US, the Middle East and various parts of Asia,” Kaspersky wrote.
MuddyWater is mentioned directly in the report as an actor that previously preferred targeting Middle Eastern and North African entities and has expanded its activity to Azerbaijan, Armenia, Malaysia and Canada.
Read more on MuddyWater here: MuddyWater Uses SimpleHelp to Target Critical Infrastructure Firms
The same goes for targets, according to Kaspersky: “They include government and diplomatic bodies, aviation, energy, manufacturing, real estate, finance, telecoms, scientific research, IT and gaming sectors,” the company wrote.
Most of the attacks targeting these entities were reportedly political.
“Geo-politics remains a key driver of APT development, and cyber-espionage continues to be a prime goal of APT campaigns.”
Commenting on the findings, David Emm, a principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), said some distinct trends are emerging in the APT landscape.
“While we have been tracking the same APT actors for decades, it’s clear they are continually evolving with new techniques and toolsets,” the executive explained.
“Organizations must remain vigilant and ensure they are equipped with threat intelligence and the appropriate tools to defend against existing and emerging threats.”
A fitting example of these shifting tactics has been observed recently in Russian hackers, who have started focusing on espionage campaigns in Ukraine.