FOCUS MODE
EXTRACT IOC
Threat Research

APT QUARTERLY HIGHLIGHTS : Q4 2024

Cyfirma
APT QUARTERLY HIGHLIGHTS : Q4 2024
In Q4 2024, APT groups from China, North Korea, Iran, and Russia significantly escalated their cyber operations, demonstrating advanced techniques such as cyber espionage, credential theft, and disruptive assaults. These developments highlight a persistent threat to critical sectors, including government infrastructure and financial institutions worldwide. Affected: governments, critical infrastructure, defense, financial institutions, research entities

Keypoints :

  • APT groups showcased increasingly sophisticated techniques across a range of cyber threats in Q4 2024.
  • Iranian actors demonstrated advancements in cyber espionage and disruptive operations.
  • Russian state-sponsored actors targeted Europe, Central Asia, and the U.S. with credential theft and disruptive tactics.
  • Chinese APT groups intensified their espionage activities in Southeast Asia, Taiwan, and Japan.
  • North Korean groups advanced ransomware operations, leveraging fake job opportunities for infiltration.
  • The increased focus on credential theft and exploitation of zero-day vulnerabilities were notable trends.
  • Cloud services became prime targets for APT exploitation.
  • Psychological operations and influence campaigns were heightened, particularly by Iranian groups.
  • The report underscores the need for proactive cybersecurity strategies and continuous security updates.

MITRE Techniques :

  • Initial Access: T1190 (Exploit Public-Facing Application)
  • Execution: T1059 (Command and Scripting Interpreter)
  • Execution: T1106 (Native API)
  • Execution: T1129 (Shared Modules)
  • Persistence: T1543 (Create or Modify System Process)
  • Privilege Escalation: T1055 (Process Injection)
  • Defense Evasion: T1027 (Obfuscated Files or Information)
  • Discovery: T1057 (Process Discovery)
  • Command and Control: T1071 (Application Layer Protocol)
  • Impact: T1485 (Data Destruction)

Indicator of Compromise :

  • [Domain] detankzone[.]com
  • [CVE] CVE-2024-4947
  • [CVE] CVE-2024-9680
  • [CVE] CVE-2024-49039
  • [IoC Type] RDP Configuration File (Zero Trust Security Environment Compliance Check.rdp)


Full Story: https://www.cyfirma.com/research/apt-quarterly-highlights-q4-2024/

Tags: ACTIVE DIRECTORY, PHISHING, IMPACT, CLOUD, SPOOFING, WINDOWS, CREDENTIAL, BLOCKCHAIN