Tag Archive for: Asia

Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says

/in


Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.

Cisco’s Talos group has spent months tracking YoroTrooper — a hacking group focused on espionage that first emerged in June 2022. Researchers said the group’s targets, use of Kazakh currency, and fluency in Kazakh and Russian is part of what led them to believe the hackers are based in Kazakhstan.

YoroTrooper appears to have performed defensive actions in protecting the Kazakhstani state-owned email service and have only ever attacked the Kazakh government’s Anti-Corruption Agency.

Asheer Malhotra, a Cisco Talos threat researcher, told Recorded Future News that the group has actively tried to disguise its operations to make it seem like the attacks are coming from Azerbaijan in an attempt to “generate false flags and mislead attribution.”

“In terms of their modus operandi, their tactics and tools aren’t very sophisticated, however YoroTrooper has still enjoyed a substantial amount of success compromising targets in CIS [Commonwealth of Independent States] countries over the past two years, owing to their aggressive attempts to target their victims. Further, the threat actor shows no signs of slowing down in spite of Cisco Talos’ initial disclosure detailing YoroTrooper’s activities earlier this year,” Malhotra said.

Cisco Talos tracked attacks involving institutions and officials in Azerbaijan, Tajikistan, Kyrgyzstan, Uzbekistan, using VPN services to make it look like their hacks come from Azerbaijan.

The hackers compromised multiple state-owned websites and accounts belonging to government officials between May 2023 and August 2023.

Most of the attacks start with phishing emails and deploy custom-made malware that allows the group to steal data and credentials.

Screen Shot 2023-10-25 at 2.54.41 PM.png
Countries attacked by YoroTrooper. Image: Cisco Talos

Researchers found the hackers using Russian in their attempts to debug their tools while also visiting numerous websites written in Kazakh. In June the hackers began using Uzbek in their code, another language spoken widely in Kazakhstan.

The hackers use cryptocurrency…

Source…

US trade rep seeks close economic security ties in Asia

/in


TOKYO — The United States hopes to deepen trade ties with Japan as it fortifies cooperation on economic security with its Asian allies and partners, the top U.S. trade envoy said Wednesday.

U.S. Trade Representative Katherine Tai’s visit to Tokyo follows a trip to the Philippine capital, Manila, that she said highlighted a newly emerging partnership among the three countries as they build both economic and defense ties.

Tai met with Japanese Foreign Minister Yoshimasa Hayashi to discuss making supply chains more resilient and secure, the Japanese Foreign Ministry said in a statement.

Tai also reviewed the status of negotiations on the Indo-Pacific Economic Framework, or IPEF, a new trade pact proposed by Washington, emphasizing the importance of cooperation with Japan, it said.

The framework has 13 members, including the U.S., that account for 40% of global gross domestic product: Australia, Brunei, India, Indonesia, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Thailand and Vietnam.

Hayashi responded by welcoming more U.S. engagement in the regional economy, saying Japan will proactively discuss the plan with other partners.

Japan and the United States have been promoting multilateral cooperation, most recently with the Philippines as they share common concern over China’s growing influence and assertiveness in both security and economic activities.

But the U.S. has stepped up diplomacy across the region, with Secretary of State Antony Blinken stopping over the weekend in Vietnam, which Washington sees as a key component of its strategy for the region given the country’s traditional rivalry with its much larger neighbor China.

Tai also met Wednesday with Minister of Economy, Trade and Industry Yasutoshi Nishimura. The trade ministry said the two discussed strengthening supply chains — an issue that gained urgency amid shortages of computer chips and other goods during the pandemic. They also discussed ways to cooperate in the protection of human rights in business, the ministry said.

Japan and the United States have set up a taskforce that aims to eliminate human rights violations in international supply chains and to ban use of materials from…

Source…

India 2nd most targeted by ransomware in Asia Pacific, Japan region in 2022

/in




India is the second most targeted country by ransomware in the Asia-Pacific and Japan region in 2022, up from spot 3 in 2021, a new report said on Tuesday.


In 2022, Maharashtra was the most-targeted state with 36 per cent of ransomware attacks, while New Delhi was at second, according to the Palo Alto Networks 2023 Unit 42 Ransomware and Extortion report.


“Ransomware and extortion groups are forcing their victims into a pressure cooker, with the ultimate goal of increasing their chances of getting paid,” said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.


Moreover, the report mentioned that manufacturing, construction, and professional & legal services were the most targeted industries.


The most active ransomware groups include Lockbit 2.0, BianLian, and Stormous.


Further, the report found that data theft was the most common of the extortion tactics, with 70 per cent of groups using it by late 2022 — a 30 per cent increase from the year prior.


Organisations based in the US were most severely publicly affected, with 42 per cent of the observed leaks in 2022, followed by Germany and the UK, accounting for nearly 5 per cent each.


The report also said that 30 organisations on the Forbes Global 2000 list were publicly impacted by extortion attempts in 2022.


Since 2019, at least 96 of these organisations have had confidential files publicly exposed to some degree as part of attempted extortion.


–IANS


shs/vd

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)


Source…

Kaspersky launches XDR platform to combat growing ransomware threats in Southeast Asia

/in


  • Kaspersky has responded to the increased risk of targeted ransomware attacks on businesses in SEA by introducing the Kaspersky Extended Detection and Response (XDR) platform.
  • Kaspersky’s latest data indicates that Lockbit, a targeted ransomware group, attacked 115 businesses in SEA.

Digital kidnappers are targeting enterprises in Southeast Asia (SEA), and global cybersecurity company Kaspersky predicts that this trend will continue in the coming years, albeit in more sophisticated and targeted ways. Ransomware, a type of malware that locks computer and mobile devices or encrypts electronic files, is used by cybercriminals to demand a ransom in exchange for a decryption key or the return of data.

Ransomware has evolved as a threat since the first known attack in 1989; and since 2016, attackers have shifted from targeting users to larger enterprises. High-impact incidents, such as the WannaCry ransomware attack, have caused estimated damages of up to US$4 billion. Ransomware groups continue to target enterprises worldwide, including those in SEA, due to the high return on investment.

Kaspersky warns about the advancements in ransomware

Kaspersky is taking proactive steps to combat the escalating danger of targeted ransomware attacks on businesses in Southeast Asia. Its latest move is the introduction of the Kaspersky Extended Detection and Response (XDR) platform, which offers comprehensive protection against such attacks through its multi-layered defense mechanisms. Kaspersky reports that there has been a significant increase of almost 181% in daily ransomware attacks worldwide in the last year, resulting in approximately 9,500 encrypted files per day.

The attackers behind these attacks constantly improve their tactics and tools to demand higher ransoms and create a greater reputational impact. In 2020, Kaspersky warned of the rise of Ransomware 2.0, which employs highly targeted attacks and “pressure tactics” to achieve these goals.

Targeted ransomware groups have emerged as a new form of extortion in the past two years, using tactics such as reselling hacked data or files, conducting DDoS attacks, and launching targeted phishing campaigns. This tactic has been dubbed Ransomware…

Source…