SGGPO
Kaspersky researchers have discovered a new attack campaign dubbed “TetrisPhantom” that has repeatedly compromised a type of secure USB used to provide encryption to ensure the safety of data storage.
 |
| Kaspersky detects APT campaign targeting government organizations in Asia-Pacific. |
Kaspersky's Global Research and Analysis Team (GReAT) has uncovered a long-running espionage campaign conducted by a previously unseen attacker.
Attackers have been secretly monitoring and collecting sensitive data from APAC government organizations by exploiting encrypted USB drives, which are protected by hardware encryption to ensure secure storage and transfer of data between computer systems. These USB drives are used by government organizations around the world, increasing the likelihood that more organizations will fall victim to these attacks in the future.
The campaign uses various malicious modules that allow attackers to gain full control over the victim's device. This allows them to execute commands, collect files and information from the compromised machines, and infect other machines using the same or a different type of encrypted USB drive.
“These operations were carried out by a highly skilled and sophisticated threat actor with a deep interest in espionage operations in sensitive and protected government networks,” said Noushin Shabab, Senior Security Researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
To prevent falling victim to a targeted attack, Kaspersky researchers recommend taking the following measures: Be cautious with emails, messages or calls asking for sensitive information. Verify the identity of the person requesting the information before sharing personal data or clicking on suspicious links. Grant access to the latest threat intelligence to your Security Operations Center (SOC).
Kaspersky Threat Intelligence Portal is Kaspersky’s single point of access to threat intelligence, cyberattack data, and insights gathered by our teams over more than 20 years. To detect, investigate, and remediate incidents promptly at the endpoint level, deploy EDR solutions such as Kaspersky Endpoint Detection and Response.
Source
Comment (0)