Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.

Security researchers at Proofpoint have spotted signs of advanced threat actors targeting small- and medium-sized businesses and the service providers in that ecosystem.

In a new report, the researchers warned of a series of escalating threats to SMBs from well-resourced APT groups and called attention to the risk of supply chain attacks from compromised managed service providers.

The warning from Proofpoint is particularly distressing because small- and medium-sized businesses often lack dedicated security teams and are considered sitting ducks for malware attacks.

The company identified three prominent trends: compromised SMB infrastructure being used in malicious phishing campaigns, regional SMB targeting by state-affiliated actors for financial theft, and the targeting of regional Managed Service Providers (MSPs) for downstream supply chain attacks. 

According to data examined by Proofpoint, the APT actors specifically targeting SMBs include threat actors aligned with Russian, Iranian, and North Korean state interests.

“These skilled threat actors are well-funded entities associated with a particular strategic mission that can include espionage, intellectual property theft, destructive attacks, state-sponsored financial theft, and disinformation campaigns. While more rare and often much more targeted than cybercrime activity, Proofpoint data indicates that APT actors remain interested in SMB targets that align with their broader mandates,” the company said.

“This means that some of the most formidable cyber threat actors in the landscape maintain an interest in targeting businesses that are commonly under-protected against cyber security threats such as phishing campaigns,” Proofpoint added. 

The report also flagged a noticeable trend of APT actors targeting regional MSPs to initiate and facilitate supply chain attacks.  


“APT actors appear to have noticed this disparity between the levels of defense provided and the potential opportunities to gain access to desirable end user environments,” Proofpoint said, pointing to a notable case that occurred in early 2023, when TA450, attributed to Iran’s Ministry of Intelligence and Security, targeted two Israeli regional MSPs and IT support businesses via a phishing email campaign.

The data shows that Iran-based APT groups are focused on targeting regional technology providers to gain access to downstream SMB users via supply chain attacks launched against vulnerable regional MSPs.


Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
