Kaspersky Lab Exposes TTPs of Asian Cyber Espionage Groups

Kaspersky Lab has unveiled a comprehensive analysis of the operations of Asian cyber espionage groups conducting espionage activities globally. The experts examined approximately a hundred incidents linked to these groups, identifying their principal tactics, techniques, and procedures (TTP). This report will assist information security professionals in detecting and countering such attacks.

Asian cyber collectives, including Lazarus, APT10, APT41, TA428, and others, are actively targeting a variety of entities across different global regions. Their targets encompass government institutions, industrial companies, healthcare organizations, and IT firms, among others, to harvest sensitive information and transmit it through cloud services or alternative channels.

To achieve their ends, they employ many methods and tools, often shared among the groups, which facilitate the planning and execution of their attacks while simultaneously complicating their identification. The Kaspersky Lab report intricately details the patterns characteristic of these Asian cyber groups at each stage of their attacks. It presents five real-world incident examples from Russia, Belarus, Indonesia, Malaysia, Argentina, and Pakistan.

For the analysis of the TTPs of these Asian cyber groups, the company utilized international tools, practices, and methodologies such as the Unified Kill Chain (UKC), MITRE ATT&CK, F3EAD, the Pyramid of Pain by David Bianco, and Intelligence Driven Incident Response. Based on the findings, experts have formulated a set of Sigma rules that will aid information security specialists in detecting potential attacks within their infrastructure.