LuminousMoth is used for cyber espionage attacks against governments in Myanmar, Philippines and other Asian countries

Jul 15, 2021 17:51 GMT

Researchers from Kaspersky Lab have discovered a large-scale advanced persistent threat (APT) campaign with multiple victims across Southeast Asia, including government agencies in Myanmar and the Philippines.

According to Kaspersky, there is medium to high confidence that this APT activity cluster, dubbed LuminousMoth, was operated by HoneyMyte, a Chinese-speaking threat group.

The LuminousMoth cyberespionage attacks against various Asian government agencies have been going on since at least October 2020. So far, Kaspersky analysts have found more than 100 victims in Myanmar and more than 1,400 victims in the Philippines, but they were unable to assess the real scale of the attacks.

The links discovered include ties to network infrastructure similar to the command-and-control servers typically used to deploy Cobalt Strike beacon payloads. Such infrastructure is also referred to as sleeper cells, since each component is capable of launching large-scale attacks against a wide range of targets, only to go after the smaller subset that suits the operators' motives.

Malware propagated via USB is extremely dangerous and can damage both home and commercial users

Once the malware is installed on a device, it attempts to spread by infecting USB removable drives. The malware creates hidden directories on the drive in which it stores its malicious payload and its own executable.
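The propagation behaviour just described gives defenders a simple heuristic to look for on a removable drive: a hidden directory that contains executable files. The script below is an added example written for this article; it is not code from Kaspersky or from the malware itself. It treats dot-prefixed directories (and, on Windows, directories carrying the hidden attribute) as hidden, and flags those holding files with common Windows executable extensions. The directory layout it scans is a constructed sample built in a temporary folder, and the extension list is an assumed heuristic rather than an indicator from the report.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed heuristic list of executable extensions; not indicators taken from the report.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}


def is_hidden(path: Path) -> bool:
    """Hidden by the Unix dot-prefix convention, or by the Windows hidden attribute where available."""
    if path.name.startswith("."):
        return True
    try:
        attrs = os.stat(path).st_file_attributes  # only present on Windows
    except AttributeError:
        return False
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_suspicious_dirs(root):
    """Walk `root` and return (relative dir, [executables]) for every hidden
    directory below it that contains at least one executable file."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if d == root or not is_hidden(d):
            continue
        exes = sorted(f for f in filenames if Path(f).suffix.lower() in EXECUTABLE_SUFFIXES)
        if exes:
            findings.append((str(d.relative_to(root)), exes))
    return findings


def build_sample_drive() -> str:
    """Constructed sample layout imitating an infected removable drive.
    The files are placeholders (a few bytes each), not real malware artifacts."""
    base = tempfile.mkdtemp(prefix="usbscan_")
    Path(base, "Photos").mkdir()
    Path(base, "Photos", "holiday.jpg").write_bytes(b"\xff\xd8\xff")
    hidden = Path(base, ".system")                 # hidden dir holding a dropper and a DLL
    hidden.mkdir()
    Path(hidden, "version.dll").write_bytes(b"MZ")
    Path(hidden, "updater.exe").write_bytes(b"MZ")
    Path(base, ".cache").mkdir()                   # hidden dir with no executables: benign
    Path(base, ".cache", "index.dat").write_bytes(b"\x00")
    return base


if __name__ == "__main__":
    sample = build_sample_drive()
    for rel_dir, exes in find_suspicious_dirs(sample):
        print(f"suspicious hidden directory {rel_dir!r} contains: {', '.join(exes)}")
```

Run it against a mounted drive by passing the mount point to `find_suspicious_dirs`; the `.cache` directory in the sample shows that a hidden folder alone is not flagged, only one that also carries executables.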

Afterwards, it provides the threat operators with post-propagation tools used to make further moves on their victims' networks. One of these tools is a fake Zoom application capable of stealing cookies stored in Chrome. The research explains that the threat actors collect information from infected devices and forward it to their command-and-control (C2) servers. Sometimes this exfiltrated data is disguised as coming from a trusted source to avoid detection.

The researchers concluded that the large scale of the attack was quite unusual. Geographically, Myanmar and the Philippines were the most frequent targets of these cyberattacks.