According to the global cybersecurity company Kaspersky, from 2024 through the first half of 2025 cyber espionage continued to be the main driver of targeted attack groups (APTs) operating in the APAC region.
Ms. Noushin Shabab, Head of the Security Research Team at Kaspersky's Global Research and Analysis Team (GReAT), said at a recent event that many cybercrime groups and APT campaigns are active in the APAC region.
In particular, the SideWinder group - described as the "most aggressive threat in the Asia-Pacific region" - is an attack group that targets government agencies, the military and diplomatic organizations in the region through spear-phishing emails and sophisticated attack platforms.
This group is particularly interested in the maritime sector (Bangladesh, Cambodia...) and logistics (China, India and Maldives). In March, Kaspersky's GReAT experts also revealed that SideWinder has increased its focus on nuclear power plants and energy facilities in the South Asian region.
SideWinder constantly adjusts its attack tools to evade detection, which makes the group a worrying persistent threat.
When targeting nuclear infrastructure, SideWinder uses custom-crafted fraudulent emails, often with content related to regulations or plant operations. Opening these emails can trigger a malware chain that gives the attackers access to sensitive operational data, research documents and personnel information.
In addition, Sri Lanka, Nepal, Myanmar, Indonesia and the Philippines are also on SideWinder's target list.
Other attack groups such as Spring Dragon, Tetris Phantom, HoneyMyte, Lazarus, Mysterious Elephant... have also carried out many APT campaigns using a range of sophisticated methods, targeting many countries in Southeast Asia in particular and APAC in general.
Over the past decade, researchers have discovered more than 1,000 malware samples used by Spring Dragon alone to attack government agencies in Southeast Asia, according to Kaspersky.
To protect against targeted cyber attacks, Kaspersky recommends that organizations focus on accurate detection, quick response to known tactics, and timely remediation of security vulnerabilities. Additional recommended measures include:
- Always keep the software on all devices up to date, so that attackers cannot exploit known vulnerabilities to break into the network.
- Conduct a comprehensive cybersecurity review of infrastructure and digital assets to detect potential vulnerabilities, and then fix weaknesses in both the external and internal protective layers of the system.
- Use solutions from the high-end product line that provide real-time protection, threat monitoring, and investigation and response capabilities at the EDR and XDR levels, suited to organizations of every size and sector.
- Equip the information security (InfoSec) team with an in-depth view of the threats targeting the organization.