October 18, 2023 at 05:33AM
The Asia-Pacific region is experiencing a cyber espionage campaign called TetrisPhantom, in which government entities are the primary targets. The attackers exploit secure USB drives with hardware encryption to gather sensitive data. The campaign is sophisticated and likely the work of a nation-state group. In addition, a new APT actor called BadRory has been identified, targeting government entities, military contractors, universities, and hospitals in Russia through spear-phishing emails with booby-trapped Microsoft Office documents.
Key takeaways:
– Government entities in the Asia-Pacific region are being targeted by a cyber espionage campaign called TetrisPhantom.
– The campaign is conducted by a highly skilled and resourceful threat actor, likely a nation-state crew.
– The attacker exploits a specific type of secure USB drive, used by government organizations worldwide, to steal sensitive data.
– The malware components of the campaign can self-replicate through connected secure USB drives and execute malicious files on infected systems.
– Another unknown APT actor, referred to as BadRory, has targeted government entities, military contractors, universities, and hospitals in Russia through spear-phishing emails.
– BadRory’s attacks occurred in two waves, one in October 2022 and another in April 2023.