Kaspersky Lab has discovered new malware that has infected Philippine government agencies and entities

On July 14, Kaspersky Lab, a Russian cybersecurity firm, announced that it had identified “an unusual, widescale advanced persistent threat (APT) campaign against users in Southeast Asia, most notably Myanmar and the Philippines.”

“Attacks by APT actors are well-known for being highly targeted. Typically, they will handpick a selection of targets, which are then handled with near-surgical precision, with infection vectors, malicious implants, and payloads suited to the victims’ identities or environments,” Kaspersky said in a blog post outlining the situation.

“It’s not often that we see a large-scale attack carried out by actors who fit this profile, mainly because such operations are loud, exposing the underlying operation to security products or researchers.”

There were about 100 victims in Myanmar and 1,400 in the Philippines, some of them government institutions and high-profile groups.

The phishing emails sent by the campaign include a Dropbox download link. When the link is clicked, a RAR file disguised as a Word document is downloaded, carrying the payload. The infection can then spread by creating hidden directories on USB sticks and migrating all of the victim’s contents.

Once it has gained access to a machine, the malware can also exfiltrate data and transfer it to the malware actor’s command and control servers. It has also been found to create a bogus Zoom app and steal cookies from the Chrome browser.

The group, LuminousMoth, has been active since at least October 2020. According to the company, the campaign was initially aimed at Myanmar but has subsequently shifted to the Philippines.

In a separate press statement, Kaspersky said that LuminousMoth was discovered to have ties to the HoneyMyte group, also known as Mustang Panda. This “well-known, long-standing” Chinese-speaking cyber gang has historically been interested in “gathering geopolitical and economic intelligence in Asia and Africa.”

“We’ve seen a surge in activity by Chinese-speaking threat actors in the last year, and LuminousMoth isn’t likely to be the last. Furthermore, there’s a good likelihood the group will start honing its skills. We’ll be keeping an eye out for any future advancements,” said Paul Rascagneres, a senior security researcher of Kaspersky’s Global Research and Analysis Team.

Basic cybersecurity hygiene training, network cybersecurity audits, and the installation of anti-APT technologies are all recommended by Kaspersky.

Source: Rappler
