APT95 is a newly emerging advanced persistent threat (APT) actor primarily targeting organizations in the financial sector with potential ties to state-sponsored activity. This article focuses on their tactics, targets, and mitigation strategies.
Tactics and Techniques:
- Spear-phishing campaigns: APT95 uses highly targeted phishing emails that appear to come from trusted sources to gain initial access by tricking users into revealing credentials or downloading malicious attachments.
- Supply chain attacks: Infiltrating third-party software suppliers and integrating backdoors or other malware into legitimate products, APT95 compromises multiple organizations simultaneously through their supply chains.
- Living off the land (LOLBAS, "living off the land binaries and scripts"): Leveraging legitimate, signed system tools and processes for malicious purposes, APT95 evades detection while maintaining persistence within targeted environments.
- Credential harvesting: Stealing user credentials through various means such as phishing or exploiting weak authentication practices, APT95 moves laterally across networks and gains access to sensitive data repositories.
- Data exfiltration: Extracting valuable information from targeted organizations, APT95 exposes confidential data, trade secrets, and other intelligence to advance their objectives or sell on the dark web.
- Multi-stage attacks: Employing multi-step infection chains involving multiple exploits or payloads, APT95 bypasses security measures at different stages of the attack process while remaining undetected.
- Mobile malware: Developing and deploying mobile application-based malware to target victims using smartphones and tablets, APT95 expands its attack surface beyond traditional desktop systems.
- Exploiting known vulnerabilities: Taking advantage of publicly disclosed or zero-day vulnerabilities in software and hardware systems, APT95 gains unauthorized access to networks and data.
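Two of the tactics listed above (malicious phishing attachments and living off the land) commonly appear together as a single observable chain on the endpoint: a document reader opens the attachment and then spawns a signed system binary. The following detector is an added example written for this article, not code from the article or from any APT95 report; it assumes process-creation telemetry with `parent_image` and `image` fields, and the log lines it scans are constructed. The binary and parent lists are generic defensive heuristics, not attributed to APT95.

```python
"""Flag living-off-the-land binaries spawned by document readers.

Added example: a defensive heuristic over constructed process-creation
events (JSON lines). Field names are assumed for illustration.
"""
import json
import re

# Applications that typically open email attachments (assumed parent set).
ATTACHMENT_READERS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
}

# Signed system binaries catalogued by the public LOLBAS project that are
# rarely launched directly by a document reader in normal use.
LOLBINS = {
    "powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
    "certutil.exe", "wscript.exe", "cscript.exe", "bitsadmin.exe",
}

# Constructed sample telemetry: five process-creation events, two of which
# match the phishing-attachment -> LOLBin pattern.
SAMPLE_EVENTS = [
    {"host": "fin-ws01", "parent_image": "C:/Program Files/Office/WINWORD.EXE",
     "image": "C:/Windows/System32/mshta.exe"},
    {"host": "fin-ws01", "parent_image": "C:/Windows/explorer.exe",
     "image": "C:/Program Files/Office/WINWORD.EXE"},
    {"host": "fin-ws02", "parent_image": "C:/Program Files/Office/EXCEL.EXE",
     "image": "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe"},
    {"host": "fin-ws03", "parent_image": "C:/Windows/System32/svchost.exe",
     "image": "C:/Windows/System32/rundll32.exe"},
    {"host": "fin-ws02", "parent_image": "C:/Program Files/Office/OUTLOOK.EXE",
     "image": "C:/Program Files/Office/WINWORD.EXE"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # malformed telemetry should not abort the scan
    return events


def is_suspicious(event):
    """True when a document reader directly spawns a LOLBAS binary."""
    parent = basename(event.get("parent_image", ""))
    child = basename(event.get("image", ""))
    return parent in ATTACHMENT_READERS and child in LOLBINS


def scan(text):
    """Return one finding per suspicious event: host, parent, child."""
    findings = []
    for event in parse_events(text):
        if is_suspicious(event):
            findings.append({
                "host": event.get("host", "?"),
                "parent": basename(event["parent_image"]),
                "child": basename(event["image"]),
            })
    return findings


def hosts_affected(findings):
    """Distinct hosts with at least one finding, in first-seen order."""
    seen = []
    for f in findings:
        if f["host"] not in seen:
            seen.append(f["host"])
    return seen


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['host']}: {f['parent']} -> {f['child']}")
```

The parent/child pairing is deliberately narrow: `rundll32.exe` under `svchost.exe` is normal Windows behaviour and is not flagged, while the same binary under a document reader would be. In production the parent set and binary list should be tuned to the environment's own baseline, and the finding should carry the full command line for triage.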
Targets and Impact: APT95 primarily targets organizations within the financial sector, including banks, investment firms, and other financial institutions. Their motivations appear to be centered around espionage, intellectual property theft, or disrupting critical infrastructure operations. APT95 has been observed targeting victims in multiple countries, suggesting a global reach and possible state sponsorship.
Tactics, techniques and procedures (TTPs):
APT95 is an advanced persistent threat group that uses multiple techniques to gain access to sensitive information. Common techniques used by this group include spear-phishing, social engineering, and exploiting vulnerabilities in software or systems. They may also use malware such as Trojan horses or ransomware to infect their targets' devices. Additionally, APT95 is known for its ability to remain undetected on a victim's system for extended periods of time, making the threat difficult to detect and remove.