Panda Security Mediacenter

CactusPete APT group takes aim at military and financial targets


Businesses of every size and in every sector are now affected by cybercrime. This year the attack surface has grown as organizations moved to remote work in response to COVID-19, and the general uncertainty has brought further threats with it. Cybercriminals have not hesitated to exploit the situation, rolling out phishing campaigns, spreading malware, exploiting newly disclosed vulnerabilities and stepping up DDoS attacks, to name just a few of the tactics putting companies' security at risk.

Any organization can become a target. We have seen the APT group dubbed ‘Vicious Panda’ run a spear-phishing campaign that uses the pandemic as a lure to deliver its malware, and healthcare is far from the only sector in organized cybercrime's sights. Even the most advanced military institutions in the world can be hit: in February, DISA (the Defense Information Systems Agency), which oversees communications for the US Department of Defense and the White House, reported a cyberattack that compromised the data of up to 200,000 staff and military personnel.

All of these incidents can have grave consequences for the victims, from reputational damage to lost productivity or even a complete halt to business activity, with major financial losses as a result. The most exposed sectors undoubtedly include critical infrastructure and the agencies responsible for safeguarding a nation's security. When military and diplomatic bodies are targeted, lives can be at risk.

Now CactusPete, an APT group based in China, has entered the fray with attacks targeting military and financial organizations in Eastern Europe.

CactusPete: a highly sophisticated APT

The China-based APT group known as CactusPete has resurfaced with a new campaign aimed at military and financial targets in Eastern Europe. This is a new area of operations for the group, which had previously appeared to concentrate on organizations in a limited set of countries: South Korea, Japan, the United States and Taiwan. Its current campaigns suggest it has widened its sights to other organizations in Asia and Eastern Europe.

This time it has upgraded a backdoor to break into military and financial organizations in Eastern Europe and gain access to confidential information. According to researchers at Kaspersky, the group used a new variant of the Bisonal backdoor, which lets the attackers steal information, run code on compromised computers and move laterally within a network. The speed at which new malware samples are being produced suggests the group is expanding rapidly, so organizations in the targeted region should keep their guard up. The 2020 campaign also shows the group refining its techniques and gaining access to more sophisticated tooling, such as the ShadowPad modular attack platform.

How to protect systems against an APT
