Spy spotting – what careless mistakes reveal about cyberespionage in APAC

Errors and small clues left behind by attackers are vital in attribution, providing valuable intelligence on the people behind a cyberespionage attack and the possible connections between them. Kaspersky Lab’s researchers have been tracking advanced cyberespionage operations originating in and targeting Asia Pacific countries for the last 10 years, and have undertaken a review of the contribution made by attackers’ careless mistakes.

For example, a threat actor called Dropping Elephant, likely operating from India and reported by Kaspersky Lab in July 2016, targeted high-profile diplomatic and economic entities in countries including Australia, China, Bangladesh, Taiwan and more. Clues revealed traces of three individuals, one of whom carelessly disclosed a personal document that led Kaspersky Lab researchers to find the faces behind Dropping Elephant.

Kaspersky Lab also published a report on Naikon APT in 2015. This cyberespionage campaign has been tracking geo-political intelligence in countries around the South China Sea for over half a decade. Later that year, an alleged connection discovered by ThreatConnect researchers showed that a domain name used in Naikon APT was also found across several social media accounts. These social media accounts carried more than 700 posts and 500 photos, which enabled researchers to track down an official’s real location and work address.

What do careless mistakes and clues reveal about the individuals involved in cyber espionage?

• Apparent military connections

• Organisations engaged in undercover threat activity for State Security

• Private companies offering intelligence services

• Cyberespionage campaigns that consist of a variety of people with different skilled roles and responsibilities

Senior Security Researcher, Noushin Shabab says, “Cybersecurity researchers examine cyberespionage campaigns by chasing trails of clues and careless mistakes. Once we have all the necessary pieces of the puzzle, we share evidence with fellow experts to be able to know the spies behind an attack, their main objectives and techniques. All the historic information gathered through investigating targeted attacks helps us discover the truths and the myths of cyberespionage in the Asia Pacific region.”

General Manager ANZ, Anastasia Para Rae adds, “As cyberespionage and crime increase, it’s critical for organisations and experts to share cutting-edge knowledge. We continue to witness the development of many attacks with no regard for the social or financial impact. The fact is, cyber spies will continue to take advantage of social engineering and open source data to develop sophisticated attacks. Investment in prompt and detailed information will better defend our businesses and ensure we can detect and respond to attacks. Kaspersky Lab’s Anti Targeted Attack Platform defends businesses from a multitude of threats every single time, no matter what form the attack takes.”

In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following:

● Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.

● Educate and train your personnel on social engineering, as this method is often used to make a victim open a malicious document or click on an infected link.

● Conduct regular security assessments of the organisation’s IT infrastructure.

● Use Kaspersky’s Threat Intelligence, which tracks cyberattacks, incidents or threats and provides customers with up-to-date relevant information that they are unaware of.