Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom.
"The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023.
The Russian cybersecurity firm, which detected the ongoing activity in early 2023, said the USB drives offer hardware encryption and are employed by government organizations worldwide to securely store and transfer data, raising the possibility that the attacks could expand in the future to have a global footprint.
The clandestine intrusion set has not been linked to any known threat actor or group, but the high level of sophistication of the campaign points to a nation-state crew.
"These operations were conducted by a highly skilled and resourceful threat actor, with a keen interest in espionage activities within sensitive and safeguarded government networks," Noushin Shabab, senior security researcher at Kaspersky, said. "The attacks were extremely targeted and had a quite limited number of victims."