Kaspersky ICS CERT experts have discovered a cyberattack campaign targeting industrial organizations in the Asia-Pacific (APAC) region. The campaign targets government agencies and heavy-industry organizations in many countries across the region, including Taiwan (China), Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines and Vietnam.
The attackers distribute a compressed archive containing malicious code, disguised as a tax-related document, through phishing campaigns over email and messaging apps such as WeChat and Telegram. Once a complex, multi-stage malware installation chain has run on the system, the attackers proceed to install a backdoor called FatalRAT.
While the campaign shares some similarities with previous attacks that used open-source remote access trojans (RATs) such as Gh0st RAT, SimayRAT, Zegost and FatalRAT, experts have noted significant changes in tactics, techniques and procedures, all of which have been tailored to target Chinese-speaking organizations and agencies.

Kaspersky dubbed the campaign SalmonSlalom to describe how the attackers skillfully evaded network defenses with sophisticated tactics and constantly changing methods, much as salmon on their arduous upstream journey rely on endurance and ingenuity to overcome obstacles.
To proactively protect heavy industrial organizations from this attack campaign, Kaspersky recommends the following measures:
- Always enable and require two-factor authentication (2FA) when logging into administrative accounts and web interfaces of security solutions.
- Install the latest versions of centralized security solutions across the system, and regularly update anti-virus databases and program modules.
- Update information about the latest threats (for example, from Kaspersky Security Network) for groups of systems that are not restricted from using cloud security services by law.
- Deploy security monitoring systems (SIEM) such as Kaspersky Unified Monitoring and Analysis Platform…
“Cybercriminals use relatively simple techniques to achieve their goals, even in operational technology (OT) environments. This campaign is a warning to heavy industry organizations in the APAC region that malicious actors are capable of remotely penetrating OT systems. Organizations need to raise awareness of these threats, strengthen their defenses, and proactively respond to protect assets and data from cyberattacks,” said Evgeny Goncharov, Head of Kaspersky ICS CERT.