A sophisticated espionage campaign targeting government and military entities in Vietnam has been discovered. The primary motive behind this campaign is to spy on the Vietnamese government and military organisations. In this advanced cyber-espionage campaign, threat actors use a remote-access tool (RAT) to carry out their malicious spying operations.
The malware used in the campaign, known as FoundCore, allows attackers to conduct filesystem manipulation, process manipulation, screenshot captures and arbitrary command execution.
Further analysis suggests that this campaign was conducted by a group known as Cycldek. According to analysis from Kaspersky Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013 and has been steadily adding more sophisticated tools over time.
“Once installed, it scans various paths on the infected device, collecting documents that possess certain extensions,” according to analysts at Kaspersky Labs. “These documents are then transferred to USB drives connected to the system. This suggests the malware was designed to reach air-gapped machines, or those that are not directly connected to the internet or any other computer connected to internet.”
The attack carried out by Cycldek is one example of the increased threat carried by organised groups across the globe. 2020 saw a huge acceleration in the creation and execution of malicious software and that trend has carried on in 2021. In 2020, Malware detections on Windows business computers decreased by 24% overall, but detections for HackTools and Spyware on Windows increased dramatically – by 147% and 24%, respectively. As well as cybercrime organisations stealing data and causing general chaos, the most worrying new tactic that has emerged is “double extortion,” which sees cybercriminal groups extorting money with threats to leak sensitive data from compromised computers if the unfortunate victims don’t pay up.
With more state backing, these attacks are becoming increasingly well-funded, complex and common. Contact Fundamentals First about how our Security Operations Centre (SOC) will operate as an extension to your in-house teams, providing the increased protection you require.
Extend your security with our SOC
Cyber-attacks from state-backed hackers to organised ransomware attacks is continuing to become an increasing challenge for many organisations. In fact, the continued increasing trend in cybercrime and cyber-attacks, including breaches, phishing, access management and endpoint security attacks, contributed to an estimated 12% Compound Annual Growth Rate in cyber security IT spending by the end of 2021.
This challenge has worsened over 2020 and 2021, with many organisations having their employees working at home due to coronavirus. The mass adoption of new ways of working, the provisioning of remotely distributed networks, and unplanned IT solutions implemented at speed has opened new avenues for cyber-attacks. Reports of new malware targeting home worker systems using sophisticated machine learning to optimise the attack and evade detection have been discovered.
Many cyber security teams are facing the impossible task of securing unplanned, sprawling corporate and potentially vulnerable home networks.
With 51% of organisations being hit by ransomware in the last year, 34% are saying that lack of skilled resources is their most significant security operations issue when determining root cause of a security incident. As a result, 65% of organisations have already outsourced some or all of their cyber security controls.
Organisations with a single internal Head of Information Security, or even a small cyber security team are struggling to keep up with the advancing complexity of attacks and technology. Over half of security professionals surveyed stated that they were too busy completing business as usual daily tasks to be able to concentrate on the larger issues, like implementing improved security controls.
In recognition to this untenable situation, many companies are taking benefit from the advantages of scaling their cyber security solution through an outsourced SOC (Security Operations Centre). An outsourced SOC can scale your cyber protection without you increasing your internal head count. It reduced pressure on HR in finding skilled cyber security experts, and delivers state of the art cyber security solutions at a significantly reduced price point.