Campaign targeting gov’ts in Asia uncovered


KASPERSKY researchers have discovered a new espionage campaign targeting government entities in the Asia-Pacific region. The campaign, dubbed “TetrisPhantom,” exploits a particular type of secure USB drive to spy on and steal sensitive data.

TetrisPhantom is a highly sophisticated campaign, using virtualization-based software obfuscation, low-level communication with the USB drive, and self-replication through connected secure USBs. The attackers can gain extensive control over the victim’s device, execute commands, collect files, and transfer data to other machines.

“Our investigation reveals a high level of sophistication, including virtualization-based software obfuscation, low-level communication with the USB drive using direct SCSI commands, and self-replication through connected secure USBs,” Noushin Shabab, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT) commented.
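The "direct SCSI commands" mentioned above refer to talking to a USB mass-storage device below the filesystem, by handing the drive a raw command descriptor block (CDB) through the operating system's pass-through interface rather than reading and writing files. The following is an added illustration of that technique and is not code from Kaspersky or from the TetrisPhantom samples. The page does not identify the secure-USB product or the vendor-specific commands the implant uses, so the example sends the standard SCSI INQUIRY (opcode 0x12) through Linux SG_IO and parses the identification strings that come back; the device path, the `ACMEUSB` sample response and all function names are assumptions made for the example.

```python
"""Issue a SCSI INQUIRY to a block device through Linux SG_IO, to show what
a direct SCSI command to a USB drive looks like from user space.

Added illustration, not code from Kaspersky or from the TetrisPhantom
samples; the implant's vendor-specific commands are not described on the
page, so only the standard INQUIRY (opcode 0x12) is shown."""
import ctypes
import fcntl
import os

SG_IO = 0x2285              # ioctl number from <scsi/sg.h>
SG_DXFER_FROM_DEV = -3      # data flows from the device to the host
INQUIRY_OPCODE = 0x12
INQUIRY_ALLOC_LEN = 96


class SgIoHdr(ctypes.Structure):
    """Mirror of struct sg_io_hdr (scsi/sg.h); ctypes applies the same
    field alignment as the C compiler, so the layout matches the kernel's."""
    _fields_ = [
        ("interface_id", ctypes.c_int),
        ("dxfer_direction", ctypes.c_int),
        ("cmd_len", ctypes.c_ubyte),
        ("mx_sb_len", ctypes.c_ubyte),
        ("iovec_count", ctypes.c_ushort),
        ("dxfer_len", ctypes.c_uint),
        ("dxferp", ctypes.c_void_p),
        ("cmdp", ctypes.c_void_p),
        ("sbp", ctypes.c_void_p),
        ("timeout", ctypes.c_uint),
        ("flags", ctypes.c_uint),
        ("pack_id", ctypes.c_int),
        ("usr_ptr", ctypes.c_void_p),
        ("status", ctypes.c_ubyte),
        ("masked_status", ctypes.c_ubyte),
        ("msg_status", ctypes.c_ubyte),
        ("sb_len_wr", ctypes.c_ubyte),
        ("host_status", ctypes.c_ushort),
        ("driver_status", ctypes.c_ushort),
        ("resid", ctypes.c_int),
        ("duration", ctypes.c_uint),
        ("info", ctypes.c_uint),
    ]


def build_inquiry_cdb(alloc_len: int = INQUIRY_ALLOC_LEN) -> bytes:
    """6-byte INQUIRY CDB: opcode, EVPD=0, page code 0, 16-bit big-endian
    allocation length, control byte."""
    if not 0 <= alloc_len <= 0xFFFF:
        raise ValueError("allocation length must fit in 16 bits")
    return bytes([INQUIRY_OPCODE, 0x00, 0x00]) + alloc_len.to_bytes(2, "big") + b"\x00"


def parse_inquiry(data: bytes) -> dict:
    """Extract the identification strings from standard INQUIRY data
    (SPC layout: vendor at bytes 8-15, product at 16-31, revision at 32-35)."""
    if len(data) < 36:
        raise ValueError("INQUIRY response shorter than the 36-byte standard header")
    return {
        "peripheral_device_type": data[0] & 0x1F,   # 0x00 = direct-access block device
        "removable": bool(data[1] & 0x80),
        "vendor": data[8:16].decode("ascii", "replace").strip(),
        "product": data[16:32].decode("ascii", "replace").strip(),
        "revision": data[32:36].decode("ascii", "replace").strip(),
    }


def scsi_inquiry(device: str) -> dict:
    """Send INQUIRY to a device node such as /dev/sdb (opening it normally
    requires root or membership of the 'disk' group) and parse the reply."""
    cdb = build_inquiry_cdb()
    cdb_buf = ctypes.create_string_buffer(cdb, len(cdb))
    data_buf = ctypes.create_string_buffer(INQUIRY_ALLOC_LEN)
    sense_buf = ctypes.create_string_buffer(32)

    hdr = SgIoHdr()
    hdr.interface_id = ord("S")
    hdr.dxfer_direction = SG_DXFER_FROM_DEV
    hdr.cmd_len = len(cdb)
    hdr.mx_sb_len = len(sense_buf)
    hdr.dxfer_len = INQUIRY_ALLOC_LEN
    hdr.dxferp = ctypes.cast(data_buf, ctypes.c_void_p)
    hdr.cmdp = ctypes.cast(cdb_buf, ctypes.c_void_p)
    hdr.sbp = ctypes.cast(sense_buf, ctypes.c_void_p)
    hdr.timeout = 5000  # milliseconds

    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    try:
        fcntl.ioctl(fd, SG_IO, hdr)
    finally:
        os.close(fd)
    if hdr.status != 0 or hdr.host_status != 0 or hdr.driver_status != 0:
        raise OSError(f"INQUIRY failed: status={hdr.status:#x} "
                      f"host={hdr.host_status:#x} driver={hdr.driver_status:#x}")
    return parse_inquiry(data_buf.raw)


# Constructed sample response (not captured from any real drive) so the parser
# can be exercised without hardware.
SAMPLE_INQUIRY = (
    bytes([0x00, 0x80, 0x06, 0x02, 0x1F, 0, 0, 0])
    + b"ACMEUSB "          # vendor, 8 bytes
    + b"Secure Drive    "  # product, 16 bytes
    + b"1.00"              # revision, 4 bytes
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(scsi_inquiry(sys.argv[1]))   # e.g. python3 inquiry.py /dev/sdb
    else:
        print(parse_inquiry(SAMPLE_INQUIRY))
```

Two practical points follow from this. First, the only thing separating a benign inventory query from an implant driving a drive's hidden command set is the CDB opcode, which the operating system does not inspect; once a process can open the device node it can send whatever the drive accepts. Second, that access is itself a detection opportunity: on Linux it means opening /dev/sd* or /dev/sg* and calling SG_IO, and on Windows the equivalent pass-through IOCTLs, so a process that is not a known disk utility doing so on an endpoint that handles secure USB media is worth an alert.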


Kaspersky researchers believe that the TetrisPhantom campaign is carried out by a highly skilled and resourceful threat actor with a keen interest in espionage activities. The campaign is still ongoing, and experts expect to see more sophisticated attacks in the future.

The campaign comprises various malicious modules, through which the actor can gain extensive control over the victim’s device. This allows them to execute commands, collect files and information from compromised machines, and transfer them to other machines using the same or different secure USB drives as carriers. Additionally, the APT is proficient in executing other malicious files on the infected systems.

The small number of victims indicates that the attack is highly targeted.

Kaspersky researchers have not observed any overlap with a known threat actor. With the campaign still ongoing, they continue to track its progress.

“These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks,” Shabab concludes.

 
