Kaspersky researchers have disclosed details of their latest threat intelligence reports on South Africa, including analysis of APT groups – major threat actors hunting for sensitive information and finances.

The company's telemetry shows that throughout 2021 entities in South Africa faced attacks from the North Korean Lazarus group and the Chinese-speaking CloudComputating.

Advanced persistent threats (APTs) are typically nation-state or state-sponsored groups of extremely stealthy, high-level threat actors. In the vast majority of cases, they attack strategically important organisations with the goal of cyberespionage and, in rarer cases, financial gain, since their cyberattacks usually cost too much to turn a financial profit.

The Lazarus group has been one of the world’s most active threat actors since at least 2009, notable for its hunt for finances and its particular interest in cryptocurrencies. In 2021 Kaspersky detected its activity in South Africa.

“For the past three years we saw a rapid decrease in cryptocurrency-related crime worldwide. However, in 2021, we saw cryptocurrency-related cybercrime booming on every level with the growth of bitcoins, especially in South Africa,” says Maria Garnaeva, senior security researcher at Kaspersky ICS CERT team.

“The reason for this, and generally speaking for the African region, is that the region has faced a number of complexities with aligning to fiat money regulatory requirements, including the infrastructure, processes and capacity to regulate and govern fiat money and transactions originating in local markets.

“So, on one hand cryptocurrencies present massive attractive opportunities for more inclusive accessibility of financial services – and particularly for the ‘unbanked’ population.

“On the other hand, however, this potential is just as attractive to cybercriminals and threat actors, and therefore we have seen a boom in interest in alternative funds – and mostly in cryptocurrencies.

“Lazarus schemes often include the laundering of money into cryptocurrencies, and therefore we anticipate that countries in Africa might interest them in this way as well apart from ordinary cyber espionage operations.”

Another actor seen in the region, the Chinese-speaking group CloudComputating, focused on cyberespionage attacks against governmental and diplomatic entities and was detected in the region for the first time in its long history. Its presence is likely a result of increased economic activity in the region as well as trade across the Maritime Silk Road.

“Like any crime, cybercrime appears in the areas of the most rapid development,” adds Garnaeva. “The new actors in the region are merely reflecting the increased frequency and development of global communications and the growth of South Africa’s international agenda.”