Kaspersky has released its latest quarterly report on Advanced Persistent Threats (APTs) trends, summarizing the latest developments in new and ongoing malicious campaigns. In the second quarter of 2023, researchers found new malware variants, updated toolsets, and fresh techniques from threat actors.

In the quarter's most significant finding, researchers exposed the long-running "Operation Triangulation" campaign, involving the use of a previously unknown iOS malware platform. Experts also observed other interesting developments that they believe everyone should be aware of. Here are key highlights from the report:
Asia-Pacific witnesses a new threat actor: Mysterious Elephant

Kaspersky uncovered a new threat actor belonging to the Elephants family, operating in the Asia-Pacific region, dubbed "Mysterious Elephant." In their latest campaign, the threat actor employed new backdoor families, capable of executing files and commands on the victim's computer, and receiving files or commands from a malicious server for execution on the infected system. While Kaspersky researchers have observed overlaps with Confucius and SideWinder, Mysterious Elephant possesses a distinctive and unique set of TTPs, setting them apart from these other groups.
Toolsets upgraded: Lazarus develops new malware variant, BlueNoroff attacks macOS, and more

Lazarus upgraded its MATA framework and introduced a new variant of the sophisticated MATA malware family, MATAv5. BlueNoroff, a financial attack-focused subgroup of Lazarus, has employed new delivery methods and programming languages in recent campaigns, including the use of Trojanized PDF readers, macOS malware, and the Rust programming language. Additionally, the ScarCruft APT group has developed new infection methods that evade the Mark-of-the-Web (MOTW) security mechanism. The ever-evolving tactics of these threat actors present new challenges for cybersecurity professionals.
Geopolitical influences remain primary drivers of APT activity

APT campaigns remain geographically dispersed, with actors concentrating their attacks on regions including Europe, Latin America, the Middle East and various parts of Asia. Cyber espionage, with a solid geopolitical backdrop, continues to be a dominant agenda for these campaigns.
"While some threat actors stick to familiar tactics like social engineering, others have evolved, refreshing their toolsets and expanding their activities," said David Emm, principal security researcher at Kaspersky's Global Research and Analysis Team (GReAT). "Moreover, new advanced actors, such as those conducting the 'Operation Triangulation' campaign, constantly emerge. This actor uses a previously unknown iOS malware platform distributed through zero-click iMessage exploits. Staying vigilant with threat intelligence and the right defense tools is crucial for global companies, so they can protect themselves against both existing and emerging threats. Our quarterly reviews are designed to highlight the most significant developments among APT groups to help defenders combat and mitigate related risks."
To read the full APT Q2 2023 trends report, please visit Securelist.