APT actors increasingly turn to exploits to launch attacks

(Image credit: Shutterstock / Rabbit_Photo)

Attacks that exploit system flaws are growing in popularity among cybercriminals, according to a new paper from cybersecurity company Kaspersky.

In the report, Kaspersky describes three major breaches that occurred in Q1 2021, including the SolarWinds breach, the Microsoft Exchange hack, and the TurtlePower incident, in which Pakistani and Chinese governments and telecoms entities came under attack.

In all three attacks, the threat actors took advantage of flawed systems to distribute malware and backdoors. 

Kaspersky says that the SolarWinds attackers could be “somehow linked” to the infamous Turla APT, as the latter’s Kazuar backdoor has many similarities to the SUNBURST malware distributed through the SolarWinds hack. 

The Microsoft Exchange Server breach is said to have been executed by a new actor called HAFNIUM, which attacked servers located in Russia, among others. 

The TurtlePower attack is being linked to the BitterAPT group, and was allegedly performed by “Moses”, described as “a broker that has developed at least five exploits in the past two years”.

“Zero-day exploits will continue to be a highly effective and common way for APT groups to compromise their victims, even in surprisingly creative ways—as shown by Lazarus’s recent campaign,” commented Ariel Jungheit, Senior Security Researcher with GReAT.