After uncovering more details on the Operation Triangulation campaign that involved the use of a previously unknown iOS malware platform, cybersecurity solutions company Kaspersky discovered a new threat actor: Mysterious Elephant.
Mysterious Elephant, which belongs to the Elephants family, employed new backdoor families. Its backdoor can execute files and commands on the victim’s computer, and can also receive files or commands from a malicious server for execution on the infected system.
“While some threat actors stick to familiar tactics like social engineering, others have evolved, refreshing their toolsets and expanding their activities,” said David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
While Kaspersky researchers have observed overlaps with Confucius and SideWinder, Mysterious Elephant possesses a distinctive and unique set of TTPs (tactics, techniques, and procedures), setting them apart from these other groups.
Lazarus develops new malware variant
Aside from studying emerging threats and threat actors, Kaspersky also found that existing APT groups are not letting up and are continuing to find new ways to launch attacks.
For one, the well-known Lazarus is upgrading its MATA framework and introducing a new variant of its malware family, MATAv5.
BlueNoroff, a financially motivated subgroup of Lazarus, is adopting new delivery methods and programming languages, including the use of Trojanized PDF readers in recent campaigns, the implementation of macOS malware, and the Rust programming language.
The ScarCruft APT group is trying to evade the Mark-of-the-Web (MOTW) security mechanism by developing new infection methods.
Geopolitical influences drive APT activity
According to Kaspersky, APT campaigns remain geographically dispersed, with actors concentrating their attacks on regions such as Europe, Latin America, the Middle East, and various parts of Asia. Cyber-espionage, with a solid geopolitical backdrop, continues to be a dominant agenda for these endeavors.
“Staying vigilant with threat intelligence and the right defense tools is crucial for global companies, so they can protect themselves against both existing and emerging threats,” Emm said.