Macnica today releases research report on targeted attacks against Japanese companies and individuals in fiscal 2023 - In addition to externally exposed assets and spear phishing, physical intrusions also observed via USB memory sticks and Wi-Fi access points -
Macnica (headquarters: Yokohama, Kanagawa Prefecture; Representative Director and President: Kazumasa Hara; hereinafter referred to as Macnica) has compiled a research report on targeted attacks that hit Japan in 2023, "The Reality of Targeted Attacks and Countermeasure Approaches, 8th Edition," and is releasing it today.
In fiscal 2023, attacks classified as "targeted attacks" included not only spear phishing, which has been increasing steadily for the past 10 years, but also intrusions through publicly exposed assets and even physical intrusions via USB memory sticks and Wi-Fi access points. Attackers tend to use a variety of intrusion methods to infiltrate target organizations. According to Macnica's observations, publicly exposed assets accounted for 50% of intrusion methods, followed by spear phishing at 30%, while USB memory sticks and Wi-Fi access points, which have not been observed in cybercrime such as ransomware, accounted for 10% each. As intrusions that exploit vulnerabilities in publicly exposed assets have increased, we have also observed the appearance of attack groups that are thought not to have been seen before. In addition, identifying attackers is becoming more difficult, because attackers share attack tools with each other and use open-source remote control tools.
As for the organizations targeted, some industries, such as media and security/diplomacy-related industries, have been targeted for nearly 10 years. At the same time, attackers' goals are changing, and we are beginning to see a wide range of industries, such as manufacturing, attacked as new targets. In particular, there has been a notable increase in physical intrusions that misuse USB memory sticks and Wi-Fi access points at manufacturing companies with overseas bases in the East Asian region. Attacks that target only specific organizations, which are classified as targeted attacks, are also still ongoing, so vigilance is required.
Macnica will continue to persistently analyze and raise awareness about these types of targeted attacks that are gradually eroding the industrial competitiveness of Japanese companies.
■ Timeline of attacks and industries in which attacks were observed
In 2023, many new attack groups appeared compared with previous years: the UNC4841 attack group, which infiltrated organizations by exploiting the CVE-2023-2868 vulnerability in Barracuda ESG; the TELEBOYi attack group, which attacked infrastructure-related organizations with the RatelS remote control malware; the Vapor Panda attack group, which attacked manufacturing-related organizations with the BLOODALCHEMY remote control malware; and the UNC5221 attack group, which was observed attacking academic and manufacturing organizations by exploiting the Ivanti vulnerabilities CVE-2023-46805/CVE-2024-21887. Attack groups that had targeted Japan in 2022 and earlier were also observed, including attacks by the APT10 attack group using the LODEINFO malware, attacks by the Tropic Trooper attack group using the EntryShell malware, and attacks by the Mustang Panda attack group using the PlugX and PUBLOAD malware, which spread infection via USB in Southeast Asia. Attacks abusing the open-source tool Stowaway, which has been reported to be used by Chinese attack groups, were observed as well, although the attackers behind them are still under analysis.
[The report's public URL is here]
https://www.macnica.co.jp/business/security/security-reports/145469/
■ Table of Contents
・Introduction
・Timeline of attacks and industries in which attacks were observed
・Attack Overview
・New TTPs, RATs, etc.
・Mustang Panda (PUBLOAD)
・Mustang Panda (attacks using PlugDisk observed in Southeast Asia)
・Attack campaign exploiting vulnerabilities in Ivanti products
・TTPs (tactics, techniques, procedures) for each attack group
・Threat detection and mitigation measures based on TTPs
・Detection indicator
*Company names and product names mentioned in this text are trademarks or registered trademarks of Macnica and the respective companies.
*The information published in the news release (including product price, specifications, etc.) is current as of the date of announcement. Please note that the information may be subject to change without prior notice.
About Macnica
Macnica is a service and solution company that handles the latest technologies in a comprehensive manner, with semiconductors and cyber security at its core. With operations in 92 locations in 26 countries/regions around the world, the company is leveraging the technical capabilities and global network it has cultivated over its 50-year history to discover, propose, and implement cutting-edge technologies such as AI, IoT, and autonomous driving.
About Macnica: www.macnica.co.jp
<Contact for media inquiries regarding this matter>
Macnica: www.macnica.co.jp
Public Relations Office: Miyahara, Isozaki Email: macpr@macnica.co.jp
Macnica 1st Building, 1-6-3 Shin-Yokohama, Kohoku-ku, Yokohama, 222-8561