A very active APT campaign targets the cryptocurrency space
A new, highly active Advanced Persistent Threat (APT) campaign dubbed “NaiveCopy” has attacked equity and cryptocurrency investors in South Korea, using cryptocurrency-related content and warnings from law enforcement as decoys.
The infection chains involved remote template injection, which spawned a malicious macro that starts a multi-step infection procedure using Dropbox. After tagging the victim’s host information, the malware then attempts to retrieve the final stage payload.
What’s unusual, says Kaspersky, is that most APT players aren’t looking for financial gain.
Kaspersky also reports that in the second quarter of 2022, its researchers witnessed an increasing number of malicious actors targeting the cryptocurrency industry.
APT actors are continually changing their tactics, refining their tools and developing new techniques, the security giant adds.
In this case, researchers were able to acquire the final stage payload, consisting of several modules used to exfiltrate sensitive information from the victim. Analyzing this, they found additional samples that had been used a year ago in another campaign against entities in Mexico and the UK.
The researchers say they don’t see any specific links to any known threat actors, but they believe the attackers are familiar with the Korean language and used a tactic similar to one previously used by the Konni group to steal login credentials for a renowned Korean portal.
The Konni Group is a threat actor that has been active since mid-2021, primarily targeting Russian diplomatic entities.
Kaspersky publishes a regular three-month APT trends report using its private threat intelligence research; the report includes major developments and cyber incidents that researchers believe everyone should be aware of.
David Emm, Senior Security Researcher at Kaspersky’s GReAT, says, “Over several quarters, we have seen APT players turn their attention to the cryptocurrency industry. Using various techniques, actors seek not only information, but also money. This is an unusual, but growing, trend in the APT landscape. In order to combat threats, organizations need to gain visibility into the recent cyber threat landscape. Threat Intelligence is an essential component that enables reliable and timely anticipation of such attacks.”