Kaspersky: LuminousMoth spearphishing campaign hit 1,500 targets in Asia


Security researchers think HoneyMyte is behind the advanced persistent threat that has mostly targeted government entities.


Security researchers at Kaspersky have identified a widespread cyberespionage campaign that targets government offices in Asia; the cybersecurity attack starts with a spearphishing email. The security experts have identified 100 victims in Myanmar and 1,400 in the Philippines.

Kaspersky analysts explained the LuminousMoth attack on the SecureList blog and suggested that the lopsided numbers between the two countries could be due to an additional and unknown infection vector used only in the Philippines.

The initial malicious email includes a Dropbox link. If an individual clicks on the link, this action downloads a RAR archive disguised as a Word document that carries the malicious payload, according to Kaspersky's analysis. Once the malware makes it to a machine, it exfiltrates data to a command and control server. The malware also tries to infect other machines by spreading through USB drives. If a drive is available, the malware creates hidden directories on the portable device where it moves all of the target's files.
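For defenders triaging downloads, the disguise described above (a RAR archive presented as a Word document) can be caught by comparing a file's extension with its leading bytes. The following is an added example, not code from Kaspersky or from this article; it assumes the archive has been saved to disk with a `.doc` or `.docx` name, and the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known file signatures (magic bytes) found at offset 0.
SIGNATURES = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),               # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),                   # RAR 1.5 to 4.x
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc container
    (b"PK\x03\x04", "zip"),                         # .docx is a ZIP (OOXML) package
]
# Container type each Word extension should have.
EXPECTED = {".doc": "ole2", ".docx": "zip"}

def sniff(header: bytes) -> str:
    """Return the container type indicated by the leading bytes."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"

def check_file(path: Path) -> dict:
    """Compare a file's extension with its real content type."""
    with path.open("rb") as fh:
        kind = sniff(fh.read(8))
    expected = EXPECTED.get(path.suffix.lower())
    return {
        "path": str(path),
        "content": kind,
        "mismatch": expected is not None and kind != expected,
    }

def scan(directory) -> list:
    """List files named like Word documents whose bytes say otherwise."""
    files = sorted(p for p in Path(directory).rglob("*") if p.is_file())
    return [r for r in map(check_file, files) if r["mismatch"]]

def make_samples() -> str:
    """Write constructed sample files (headers only) to a temp directory."""
    root = Path(tempfile.mkdtemp())
    (root / "real.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 26)
    (root / "real.doc").write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    (root / "lure.docx").write_bytes(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 24)
    (root / "notes.txt").write_bytes(b"plain text")
    return str(root)

if __name__ == "__main__":
    for hit in scan(make_samples()):
        print(f"{hit['path']}: Word extension, {hit['content']} content")
```

Pointing `scan()` at a downloads or mail-attachment directory reports only files whose Word extension disagrees with their container type; files with other extensions are ignored.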

The malware has two other tactics to allow lateral movement. The first is a signed, fake version of Zoom, and the second steals cookies from the Chrome browser.

Aseel Kayal, security researcher with Kaspersky's Global Research and Analysis Team (GReAT), said in a press release that the scale of the attack is rare.

"It's also interesting that we've seen far more attacks in the Philippines than in Myanmar," Kayal said. "This could be due to the use of USB drives as a spreading mechanism or there could be yet another infection vector that we're not yet aware of being used in the Philippines."

Kaspersky security researchers believe with medium to high confidence that the HoneyMyte threat group is behind the attack. The group is a Chinese-speaking threat actor and seems to be interested in gathering geopolitical and economic intelligence in Asia and Africa.

Mark Lechtik, senior security researcher with Kaspersky's GReAT team, said in a press release that this new activity seems to support the trend of Chinese-speaking threat actors re-tooling and producing new and unknown malware implants.

Kaspersky recommends taking these actions to protect against these attacks:

  • Providing basic cybersecurity hygiene training that covers phishing and other social engineering techniques.
  • Conducting a cybersecurity audit of all networks and remediating weaknesses discovered on the perimeter or inside the network.
  • Installing anti-APT and EDR solutions to allow threat discovery and detection, investigation and timely remediation of incidents.
  • Providing the security team with the latest threat intelligence.
  • Training security team members regularly.
