LATEST INTELLIGENCE
• A rise in deceptive attacks on critical infrastructure (designed to keep national CERT teams and other cyber defense agencies occupied while the hackers chase other high-value targets)
APT Watch
Advanced Persistent Threat groups across the globe have used the fear and anxiety generated by the Coronavirus pandemic to lure victims into downloading infected files or clicking suspicious links through targeted attacks. These groups were overactive on 47 out of the 90 days of the last quarter, with extensive and focused work by their hackers and affiliated groups in targeting individuals, governments and enterprises.
Kimsuky APT: of North Korean origin, and among the oldest North Korean APT groups out there. Primary targets include South Korean institutions linked to the government, higher education, research and defense. The group has a global footprint that spans nations such as India, the USA, the UK and France.
Modus operandi: plant malware in documents claiming to outline South Korea’s response to the Coronavirus pandemic. For its attacks outside South Korea, the group has relied on as many as 11 emails claiming to be from the World Health Organization, the Centers for Disease Control and the UK’s National Health Service. In many instances the mails carried PDF or Word documents loaded with BabyShark malware.
APT 36: of Pakistani origin, this group is using multiple Coronavirus-related messages to target Indian think tanks, diplomatic institutions and defense installations.
Modus operandi: this group, which in the past relied on ‘operational information’ mails, now uses healthcare updates, health advisories for key personnel, diplomatic response updates and operational continuity as key themes in its effort to trick potential victims.
www.intelligentcio.com
INTELLIGENTCIO