ESET has produced a comprehensive report on cyber security challenges affecting governments worldwide, including the latest attack campaign by the Luckymouse APT Group. The research is in line with the Strategic Defense Perspective of the European Commission, CERN and Europol presented at the ESET European Cybersecurity Day online conference
Cybercriminals are particularly effective in targeting critical infrastructures that: protection is the responsibility of governments. The cyber security strategy of the European Union and governments around the world is being tested not only by the transition to digital operations, but also by attacks on cyber espionage, blackmail viruses and the supply chain. However, the most serious challenge for governments is the attacks on Advanced Persistent Threat (APT), an organized and persistent threat working unobtrusively.
APT groups are using increasingly sophisticated tools
Earlier this year, a well-known group of APTs called LuckyMouse (aka Emissary Panda, APT27) launched a new attack campaign that used Microsoft Exchange Server to create a number of zero-days. exploited its vulnerability. Named “EmissarySoldier” by ESET, the campaign aims to spy on several government networks in the Middle East and networks of Central Asian organizations. The group uses the malicious SysUpdate toolkit to compromise the machines, the first samples of which were discovered in 2018, but have since gone through various stages of development and gradually integrated various features into the toolkit.
APT groups – for example, the development of tools used by LuckyMouse is a serious problem. In the course of attacks, the tasks of governance, such as ensuring the stability of citizens, the business environment and relations with other nation-states, are jeopardized. LuckyMouse and other APT groups, including government actors and their partners, target widespread collaboration platforms such as Microsoft SharePoint or other digital services.
But LuckyMouse is just the tip of the iceberg. Most of the threats to governments come from organized criminal groups who are increasingly willing to work together to achieve their common goals. As the use of digital services has increased, so has the threat to the supply chain. In the last quarter of 2020, ESET discovered as many supply chain attack campaigns as the entire security sector perceived a few years ago in a full year. Attacks of this type seek to harm a selected industry organization by targeting less secure elements of the supply chain.
Focus on governance
2020 and In 2021, a number of ESET research collaborations matured, including joint work with the European Organization for Nuclear Research (CERN), Europol and the French National Cyber Security Agency (ANSSI). Several of the insights shared at the ESET European Cybersecurity Day virtual event and in the report emphasize that governments and their IT infrastructure are key targets.
The report highlights the need for cyber security companies to experts continue to support governments in addressing their security gaps and monitoring APT teams’ tactics, techniques and operations through the various endpoint detection and response solutions available to them.
The events of the past year have brought major changes, and there is no longer a choice for government IT teams, we need to pay close attention to protection. The best security technologies, products and cutting-edge research are needed to enable governments to keep up with the growing challenges.
A detailed report on the activities of the LuckyMouse APT Group “ESET industry report on government: Targeted but not alone “can be downloaded from WeLiveSecurity.com.
Hardware, software, tests, curiosities and colorful news from the IT world by clicking here!
