Kaspersky researchers monitored advanced persistent threats (APTs) in Egypt and prepared 38 investigative reports related to 12 digital gangs that have targeted the country since the beginning of the coronavirus pandemic.
The reports included information on threats and investigations related to digital gangs targeting Egypt, which ranks third among Middle Eastern countries in the number of reports issued, making it one of the most targeted countries in the region.
Kaspersky found that these gangs primarily target government institutions and diplomatic agencies as well as educational institutions and telecommunications companies in the country.
Other targets include financial institutions, IT companies, healthcare institutions, law firms, and military and defense agencies.
The notorious digital gangs behind the APTs investigated in Egypt included Lazarus, MuddyWater, Zebrocy, StrongPity, and SideCopy.
The research team found that exploitation of public applications, valid accounts, and phishing were the most common attack vectors targeting infrastructure in Egypt.
The Lazarus gang, for example, is notorious for conducting targeted phishing campaigns and “watering hole” attacks, in which attackers monitor highly frequented websites and infect them with malware. The MuddyWater Middle Eastern espionage gang targeted government agencies, telecom companies and oil companies with the aim of extracting information, using hacked accounts to send phishing emails with attachments directed at specific targets.
There is also the Zebrocy Trojan, which is used in digital espionage campaigns to collect raw data from compromised systems.
The StrongPity gang is responsible for spying campaigns that use “zero-day” attacks, social engineering tricks, and Trojan installers to deliver malware to their victims.
In turn, the SideCopy gang carries out malware attack campaigns targeting various entities for espionage purposes.
Abdelsabour Arous, a security researcher in Kaspersky’s Global Research and Analysis Team, emphasized that threats are becoming more and more complex every day, saying that investigating and reporting on the activity of these digital gangs “allows us to have a broad and in-depth view to understand their motives and movements, enabling us to provide relevant stakeholders with the knowledge they need to stay safe from its dangers.”
“There is an urgent need for various organizations to stay informed of the latest developments, allowing security teams to anticipate the next steps of attackers and take appropriate steps to protect themselves against future incidents,” he added.
For her part, Nouf Al-Qahtani, Senior Analyst for Cyber Security Threats at STC, stressed that employees in any company are the “first line of defense” against digital attacks, adding that they “bear part of the responsibility” in protecting data, which is one of the most important institutional assets. To fortify that line of defense, she said, it is essential that companies provide appropriate digital security training for all their employees, familiarize them with safe ways to operate devices and share data internally and externally, and help them understand the evolving nature of digital crime.
The security expert added: “Employees familiar with the principles of digital security know what alarms look like when corporate networks, devices and information are under threat. As for the second line of defense after employees, I see it as intelligence about threats, which companies and institutions must be keen to provide.”
AI, Internet of Things, Blockchain, Fintech, and 5G continue to gain momentum across the public and private sectors in Egypt.
Increasing internet connectivity is often associated with an increase in digital threats, so the country has prepared itself for even the most challenging digital security attacks by putting security at the forefront of its digital transformation efforts. According to the Global Digital Security Index, Egypt ranked fourth in the Middle East and North Africa region in its commitment to digital security, which confirms the government’s keenness to continue improving its security capabilities.
Kaspersky monitors APT gangs and provides interested parties with unique and permanent avenues for access to investigation and discovery results, including complete technical data available in a range of formats, for each APT gang as soon as it appears. Kaspersky cooperates with and shares information with legal authorities to track down the gangs behind such attacks and bring their members to justice.