8 Active APT Groups To Watch
Ever wonder who's behind some of the attacks we hear about in the news? Here are eight advanced persistent threat (APT) groups that operate some of the most successful and well-known malware campaigns worldwide.
Question: What do the following industries have in common?
Aerospace, Aviation, Energy, Healthcare, Pharmaceutical, Technology, Law Practices, Oil, Precious Metal Mining, Defense, Government Officials, Military Officials, NATO, Embassies, Education and Research Facilities, Large Enterprises, and Large Brands
Answer: They have all been a target of active cyber espionage, or advanced persistent threat (APT), groups.
As information security professionals, it’s critical that we understand just how APT attacks can affect the organization. It’s equally imperative that we first have an understanding of the people, organizations, and nations behind the methods, the motives, and the malware targeting us.
Here's a look at eight active APT group profiles, including their:
- Date of origin
- Location of origin
- Attack methods
- Typical targets
- Motive(s)
Note: A huge thank you goes out to InfoArmor, Symantec, and Trend Micro for their contributions to this collection.
In 2012, the Butterfly APT group began operating, presumably out of China. But Symantec notes that there are some indications that this group may be made up of native English speakers who are familiar with Western culture, and that it may operate from the Eastern Standard Time (EST) timezone. Given those characteristics, researchers offer three possible theories of who the Butterfly hacking group might be:
- a government agency bent on economic espionage;
- an organization of hackers-for-hire; or
- an organization with a single customer.
Attack Method(s): Zero-day exploits, custom-developed malware (OSX.Pintsized and Backdoor.Jiripbot)
Typical Target(s): Twitter, Facebook, Apple, and Microsoft compromised in early 2013, with expansion into pharmaceutical, technology, law practices, oil, and precious metal-mining organizations
Motive(s): Cyber espionage, Underground Business
Fun Fact: Butterfly attackers have, on occasion, cleaned up or abandoned a successful break-in -- almost as if that particular attack was a mistake.
More Information: http://www.symantec.com/connect/blogs/butterfly-profiting-high-level-corporate-attacks
Regin, first identified in 2008, is a highly complex threat used by the APT group for large-scale data collection and intelligence-gathering campaigns. The development and operation of this threat would have required a significant investment of time and resources. Threats of this nature are rare and the discovery of Regin serves to highlight how significant investments continue to be made into the development of tools for use in intelligence-gathering. Many components of the Regin tools remain undiscovered, and additional functionality and versions may exist.
Attack Method(s): Long-term intelligence-gathering operations; multi-stage, multi-component, modular threat
Typical Target(s): Everyone is fair game: Private companies, Government entities, and Research institutes
Motive(s): Top-tier Espionage
Fun Fact: The modular approach of Regin has been seen in sophisticated malware families such as Flamer and Weevil (The Mask), while the multi-stage loading architecture is similar to that seen in the Duqu/Stuxnet family of threats.
More Information: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf