Source |
CSO |
Identifier |
8306508 |
Publication date |
2023-02-02 01:00:00 (seen: 2023-02-02 10:08:22) |
Title |
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage |
Text |
State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. |
Sent |
Yes |
Tags |
Ransomware
Threat
Medical
|
Stories |
APT 38
|
Notes |
★★
|
Move |
|