Kaspersky researchers have disclosed details of their latest threat intelligence reports on South Africa, including the cybersecurity firm’s analysis of APT groups in the country – major threat actors hunting for sensitive information and finances.
The company’s telemetry shows that throughout 2021 entities in South Africa faced attacks from the North Korean group Lazarus and the Chinese-speaking group CloudComputating.
According to Kaspersky, an advanced persistent threat (APT) is typically a nation-state or state-sponsored group of extremely stealthy, high-level threat actors. In the vast majority of cases, they attack strategically important organisations with the goal of cyberespionage and, in rarer cases, financial gain, since the cost of their cyberattacks is usually too high to turn a financial profit.
The Lazarus group has been one of the world’s most active threat actors since at least 2009, notable for its hunt for finances and its particular interest in cryptocurrencies. In 2021 Kaspersky detected its activity in South Africa.
“For the past three years, we saw a rapid decrease in cryptocurrency-related crime worldwide. However, in 2021, we saw cryptocurrency-related cybercrime booming on every level with the growth of bitcoins, especially in South Africa,” says Maria Garnaeva, Senior Security Researcher at Kaspersky ICS CERT team.
“Generally speaking for the African region, the region has faced a number of complexities with aligning to fiat money regulatory requirements, including the infrastructure, processes and capacity to regulate and govern fiat money and transactions originating in local markets. So, on one hand, cryptocurrencies present massive attractive opportunities for more inclusive accessibility of financial services – and particularly for the ‘unbanked’ population. On the other hand, however, this potential is just as attractive to cybercriminals and threat actors, and therefore we have seen a boom in interest in alternative funds – and mostly in cryptocurrencies.”
“Lazarus schemes often include the laundering of money into cryptocurrencies, and therefore we anticipate that countries in Africa might interest them in this way as well apart from ordinary cyber espionage operations,” Garnaeva adds.
CloudComputating, a Chinese-speaking group, is another threat actor, detected in the region for the very first time, which has focused on cyber-espionage attacks on governmental and diplomatic entities. Its presence is likely a result of increased economic activity in the region as well as trade across the Maritime Silk Road.
“Like any crime, cybercrime appears in the areas of the most rapid development,” adds Garnaeva.
“The new actors in the region are merely reflecting the increased frequency and development of global communications and the growth of South Africa’s international agenda.”