
APT Lazarus attacks defence industry, develops supply chain attack capabilities

Advanced persistent threat (APT) actors are attackers who continuously refine their tradecraft. In Q3 2021, Kaspersky's researchers watched Lazarus, a prolific advanced threat actor, develop supply chain attack capabilities and use its multi-platform MATA framework for cyber-espionage.

A history of attacks

The advanced persistent threat actor Lazarus has been active since at least 2009 and is considered prolific. The group has been behind widespread cyber-espionage and ransomware campaigns and has attacked both the defence industry and the cryptocurrency market. With a wider suite of tools at its disposal, researchers fear that Lazarus will expand the scope of its operations.

Widening scope

In June 2021, Kaspersky researchers saw the group attacking the defence industry using the MATA malware framework, which can target three operating systems: Windows, Linux and macOS. This was the first time researchers tracked Lazarus using MATA for cyber-espionage purposes. The actor delivered a trojanized version of an application known to be used by the targeted organisation, so the implant arrived inside software the victim already trusted. Lazarus has also developed supply chain attack capabilities and recently targeted a South Korean think-tank and an IT asset monitoring solution vendor; compromising a vendor of that kind gives the attacker a foothold in every organisation that deploys the vendor's product.

Defensive measures

Kaspersky suggested a series of steps to defend against such attacks, including:

  • Providing the SOC team with up-to-date threat intelligence
  • Training and developing the team's skills to face the latest threats
  • Implementing endpoint-level detection, investigation and remediation of incidents through EDR solutions
  • Deploying a corporate-grade solution that detects threats at the network level at an early stage
  • Training staff on general security issues and, in particular, social engineering

Further details are in Kaspersky's full Q3 APT trends report.