According to a new report from anti-malware vendor Kaspersky, a newly revealed advanced persistent threat (APT) campaign is targeting a large number of users in South Asia, including government organizations.

Termed LuminousMoth, the activity comprises cyberespionage attacks on entities since at least October 2020. Unlike similar attacks, which are highly targeted, this campaign stands out because of its scale: almost 100 victims in Myanmar and 1,400 in the Philippines.

However, the key focus of the attacks was only a subset of those victims: high-profile organizations, including government entities both within the two countries and overseas.

The threat actor uses spear-phishing emails as the primary attack vector. The emails include a Dropbox download link that delivers a RAR archive posing as a Word document, which installs malware onto the target machine.

The malware can spread to other systems through removable USB drives, on which it creates hidden directories and malicious executables.

In a published report, Kaspersky said: “The sheer volume of the attacks raises the question of whether this is caused by a rapid replication through removable devices or by an unknown infection vector, such as a watering hole or a supply chain attack.”

Kaspersky assesses with medium to high confidence that LuminousMoth is linked to the HoneyMyte threat group, a Chinese-speaking threat actor known for its focus on collecting geopolitical and economic intelligence in Asia and Africa.

Mark Lechtik, senior security researcher with Kaspersky’s Global Research and Analysis Team (GReAT), said: “This new cluster of activity might once again point to a trend we’ve been witnessing over the course of this year: Chinese-speaking threat actors re-tooling and producing new and unknown malware implants.”
