New investigation by Kaspersky on Cyber Attacks

By OTS June 11, 2024

Kaspersky has recently concluded an investigation into cyber-attacks targeting the industrial sector in Eastern Europe. The investigation has revealed the employment of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organizations in the region. Industries such as manufacturing, industrial control system (ICS) engineering and integration have been particularly affected, emphasizing the urgent need for enhanced cybersecurity preparedness.

According to the research, a series of targeted attacks was uncovered that aimed at a data breach through the creation of a channel. The attacks show similarities to previously reported cases, such as ExCone and DexCone, a fact that clearly manifests the participation of APT31 (also known as Judgement Panda and Zirconium).

The investigation also brought to the surface the use of highly advanced techniques designed for remote access, showing that the attackers know exactly how to overcome security measures. In particular, DLL hijacking techniques were used to avoid being tracked. The attackers also performed multiple functions divided across three attack layers. Cloud data storage services such as Dropbox and Yandex Disk, as well as platforms for data transfer, were used for the data breach and the reproduction of malware.