EastWind Campaign: Defending Against the Latest APT31 Attacks

APT31 is an advanced Chinese-speaking threat actor that has consistently targeted high-profile organizations around the world, including ones located in Europe. While tracking this actor, we discovered its latest activities, conducted at the end of July 2024. So, what tactics did APT31 use in these attacks, and most importantly, how can we defend against them?

To answer these questions, we will first discuss how APT31 initially infected the networks of target organizations. Following that, we will cover the tools we found being used to gather information about compromised machines. Afterwards, we will describe what information on infected computers the attackers were interested in, as well as the unique malware used to exfiltrate it. While discussing the malware, we will demonstrate various analysis techniques that allow reverse engineers to efficiently deobfuscate the discovered implants. Additionally, we will pay particular attention to the techniques APT31 leveraged to make its activities less noticeable to security solutions.

We will then use all the presented information to compare APT31's recent attacks with those conducted a few years ago and identify common flaws in the actor's offensive strategy. In turn, identifying these flaws will allow us to discuss how to build an efficient defense strategy against further APT31 attacks.

Georgy Kucherin, Security Researcher at Global Research & Analysis Team – Kaspersky

Alongside his dedication to his academic pursuits as a student at Moscow State University, Georgy demonstrates an unwavering passion for unraveling the intricacies of complex malware and employing reverse engineering techniques to analyze and understand its inner workings. With a strong background in cybersecurity research, Georgy has contributed significantly to the field through his comprehensive investigations into advanced persistent threats (APTs) such as FinFisher, APT41, and Lazarus. Georgy actively shares his research findings at prominent conferences, including VirusBulletin, AVAR, Security Analyst Summit, and other renowned gatherings, where his presentations captivate audiences and contribute to the collective knowledge of the cybersecurity community. Driven by a relentless pursuit of knowledge and a commitment to securing the digital landscape, Georgy Kucherin is an emerging force in the field of cybersecurity research, poised to make lasting contributions in the fight against cyber threats.