SecurityWeek

Targeted Attacks in Asia-Pacific Region Twice as High as Other Regions: FireEye

New research from FireEye shows that the Asia-Pacific region was twice as likely as the rest of the world to be targeted by advanced persistent threats during 2013.

Leading the way for countries in this region was South Korea, with Japan and Taiwan rounding out the top three. Thailand and Hong Kong were ranked fourth and fifth, respectively.

Attackers also favored certain verticals within the region. The most popular among these were the financial services industry; federal government; high-tech industry; chemical/manufacturing/mining industries; and consulting services.

“According to the 2012 World Intellectual Property Organization (WIPO) report (PDF), which cited global data collected in 2010, three of the top five patent offices are now located in Asia, and they represented more than 45 percent of all patents filed worldwide,” blogged FireEye researchers Geok Meng Ong and Kenneth Geers. “With such a high volume of intellectual property concentrated in the region, Asia is a logical battleground for cyber attacks. Stealing information about an advanced-stage product can allow an unscrupulous competitor to bring a similar product to market at a much lower cost and effort — and at the direct expense of the victim.”

Japan and South Korea in particular saw heavy concentrations of APT malware.  

“That two of the most recently discovered zero-day vulnerabilities (CVE-2013-3893 and CVE-2013-3897) have been used in advanced cyber attacks specifically targeted at Japanese and Korean language users is striking,” the researchers noted.

“Zero-day vulnerabilities are often hard to come by, and the frequent use of these exploits against Japan and Korea is an indicator of determined and resourceful attackers, as well as the high value of the information they are extracting from these targets,” they added.

The attackers behind the APT campaigns are using many different tools, the most popular of which include Gh0stRat, Sisproc and DarkComet. In certain countries – such as Japan and South Korea – FireEye spotted more than 30 unique APT families. In North Asia, APT tools like Terminator RAT (also known as FakeM) have been used against Tibetan and Uyghur activists.

“Gh0stRat is one of the most commonly used remote administration tools (RAT) in the world,” the researchers noted. “But we have also found an increased use of malware such as Houdini — a heavily obfuscated VBScript-based RAT that was analyzed by FireEye researchers in a recent blog post.”

“Some APT malware, such as Mirage, has been used for specific purposes in Asia,” the researchers continued. “Threat actors using this malware often employ spear phishing attacks using legitimate decoy documents that are related to a target’s national economy or politics including regional events such as ASEAN summits, Asia-Pacific Economic Cooperation (APEC) summits, energy exploration, or military affairs.”
