The telecoms and energy sectors in the Middle East, Turkey and Africa (META) were the most targeted by advanced persistent threats (APTs) in the first quarter of 2023.
This was the word from Maher Yamout, senior security researcher in Kaspersky’s Global Research and Analysis Team, at the Cyber Security Weekend – META 2023 in Almaty, Kazakhstan.
Yamout explained that APTs are typically groups of highly organised people, targeting any entity or person that can facilitate or has access to the APT's requirements. They are usually influenced by global or regional politics, and by economic and intelligence requirements, with the objective being cyber espionage.
Traditionally, government and diplomatic institutions were the top two consistently targeted entities, with the third usually dependent on the global situation at the time.
However, there was a shift in the first quarter of 2023, which saw institutions dealing with telecoms and energy-related infrastructure become APT targets.
As countries in Central and East Africa accelerate their digitisation agenda, government and diplomatic institutions, as well as industrial organisations, are rich targets for APT attacks this year, say Kaspersky experts.
“Strong cyber defence and intelligence sharing is important in this environment to identify and expose APT patterns, disarm cyber criminals and disrupt the kill chain.”
In terms of the geographical expansion of APTs, the experts indicate advanced actors are performing attacks with a focus on Europe, the US, the Middle East and various parts of Asia.
“While most actors previously targeted victims in specific countries, more and more APTs are now targeting victims globally. For instance, MuddyWater, an actor that previously showed a preference for targeting Middle Eastern and North African entities, has expanded its malicious activity to organisations in Azerbaijan, Armenia, Malaysia and Canada.”
Yamout added that supply chain attacks are trending and on the rise in the META region.
He noted that supply chain attacks are those in which adversaries may manipulate products or product delivery mechanisms before they are received by the final consumer, for the purpose of data or system compromise.
The motivation, he added, is stealthy unauthorised access to a target system network.
Supply chain-associated risks usually lead to data leaks and breaches, unauthorised access and the potential to spread malware.
“The actor will go ‘shopping’ to see what software you use in your organisation and computer, so that they can go after that software and inject malicious code to infect the computing system.”