State-Sponsored Hackers Changing Tactics to Put Companies at Risk

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns.

Chinese state-sponsored hackers that were formerly targeting Asian companies have shifted to Europe. Iranian state hacking groups that used to target Israel are now going after the foreign subsidiaries of Israeli companies. A North Korean group that was focused on South Korea and Russia is now using English in its attacks, suggesting a shift of targets.

Russia’s Sandworm group, which is believed to be part of Russia’s military and which was attacking Ukrainian organizations with “wiper” attacks, has expanded to countries that support Ukraine, like Poland.

Researchers have been able to track the work of Sandworm and its malware that wipes systems – even as the wiping malware evolves.

But some of these so-called advanced persistent threat (APT) groups are not actually using ransomware, but instead are using tactics usually associated with ransomware. This is a way to disguise what they are really doing, which is stealing your information.

If a state-sponsored intelligence gathering operation wants to disguise what it is doing, it makes it look like ransoms were the target when, in fact, the real target was your intellectual property. That could be information from the medical, energy and other sectors.

Oh, yeah, they might be interested in sabotaging your business just to make life difficult and cause even more chaos, which masks their operations even more.

The advantage of this disguise is that when companies bring in the forensics experts, they say “oh we have seen this before, it is the XYZ group”, when, in fact, it is not them at all, but rather a different state actor who wants whatever information you have for a wide variety of reasons.

What that means is that you need to up your game if you have any information that state villains might be interested in, or if you don’t want to be sabotaged. Credit: CSO Online
