Exploiting system flaws is becoming more popular among cybercriminals, as an increasing number of attacks start with an exploit rather than with a gullible human. This is according to a new report from cybersecurity firm Kaspersky, its APT Q1 report.
In the report, Kaspersky describes three major breaches that happened in the timeframe, including the SolarWinds breach, the zero-day in the Microsoft Exchange Server, and the TurtlePower attack in which Pakistani and Chinese government and telecom entities came under attack.
In all three attacks, the threat actors took advantage of flawed systems to distribute malware and backdoors.
Kaspersky says that the SolarWinds attackers could be “somehow linked” to the infamous Turla APT, as the latter’s Kazuar backdoor has many similarities to the SUNBURST malware distributed through the SolarWinds hack.
The Microsoft Exchange Server breach was carried out by a new actor called HAFNIUM which, among other targets, also attacked servers located in Russia.
The TurtlePower attack is being linked to the BitterAPT group, and was allegedly kicked off by “Moses”, “a broker that has developed at least five exploits in the past two years,” Kaspersky explained.
“Zero-day exploits will continue to be a highly effective and common way for APT groups to compromise their victims, even in surprisingly creative ways—as shown by Lazarus’s recent campaign,” commented Ariel Jungheit, senior security researcher with GReAT.