https://www.engineeringnews.co.za
Africa|Business|Financial|Infrastructure|SECURITY|Service|Services|System|Systems|Technology|Solutions|Infrastructure
Africa|Business|Financial|Infrastructure|SECURITY|Service|Services|System|Systems|Technology|Solutions|Infrastructure
africa|business|financial|infrastructure|security|service|services|system|systems|technology|solutions|infrastructure

A quarter of cyberthreat activity directed at South African govt systems, research shows

8th August 2023

By: Schalk Burger

Creamer Media Senior Deputy Editor

     

Font size: - +

Of the cybersecurity threat activity detected by cybersecurity solutions and services company Trellix during the year, 26% was directed towards government systems, while 16% was targeted at business service providers, 14% at wholesalers’ networks, and 12% targeted utilities’ systems.

Cyberthreat groups Lazarus and the Daggerfly Advanced Persistent Threats (APT) group were among the most notable threat actors that have recently ramped up targeted efforts to infiltrate critical South African systems, according to the latest Trellix Cyberthreat Intelligence report.

Government organisations remain the primary targets for threat actors looking to infiltrate South African information technology systems.

“Despite not experiencing a significant surge in detections since the first quarter, we have noticed a trend of specialised, well-equipped and highly skilled threat actors,” said Trellix South Africa country lead Carlo Bolzonello.

“More alarming is their interconnection with extensive networks and potential State support, indicating a coordinated and sophisticated approach to their malicious activities,” he highlighted.

The Lazarus Group is historically associated with a North Korean State-sponsored APT syndicate and has since been linked to the North Korean government by the US Cybersecurity and Infrastructure Security Agency.

Lazarus deploys tools and capabilities including distributed denial of services botnets, keyloggers to record users’ input, remote access tools allowing anonymous unauthorised users access, and wiper malware to erase data from the system.

Lazarus is notorious for executing spear-phishing campaigns aimed at accessing and stealing account credentials and financial data, as well as employing "living off the land" techniques, using fileless malware and legitimate system tools, Bolzonello highlighted.

Further, the Daggerfly APT group, which is suspected to have affiliations with China, has been exhibiting heightened activity in Africa, with a particular emphasis on targeting telecommunications organisations.

Its primary objective is information gathering, leveraging PlugX loaders to abuse any desktop remote software, and living off the land tooling, like PowerShell, BITSAdmin and GetCredManCreds, which is heavily used for long-term campaigns that can go undetected for extended periods.

“What makes some of the tools used by threat actors so destructive is their trail obfuscation capabilities,” Bolzonello said.

“They employ various techniques, such as hiding backdoors and manipulating time stamps, skilfully giving the impression that their malicious artifacts date back as far as ten years ago. This renders the analysis process exceedingly challenging for investigating teams.

“What is even more concerning is that these adversaries are highly proficient in evasion tactics, leaving organisations believing they have eliminated the threats, when in reality, they may still lie concealed,” he added.

Edited by Chanel de Bruyn
Creamer Media Senior Deputy Editor Online

Comments

Showroom

Showroom image
Alcohol Breathalysers

Supplier & Distributor of the Widest Range of Accurate & Easy-to-Use Alcohol Breathalysers

VISIT SHOWROOM 
VEGA Controls SA (Pty) Ltd
VEGA Controls SA (Pty) Ltd

For over 60 years, VEGA has provided industry-leading products for the measurement of level, density, weight and pressure. As the inventor of the...

VISIT SHOWROOM 

Latest Multimedia

sponsored by

SEW-EURODRIVE at Nampo 2024
SEW-EURODRIVE at Nampo 2024
21st May 2024

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION







sq:0.27 0.325s - 140pq - 2rq
Subscribe Now