Kaspersky researchers have disclosed details of the company’s latest threat intelligence reports on South Africa, including the cybersecurity firm’s analysis of APT groups in the country – major threat actors hunting for sensitive information and finances.
The company’s telemetry shows that throughout 2021 entities in South Africa faced attacks from the North Korean group Lazarus and the Chinese-speaking group CloudComputating.
According to Kaspersky, an advanced persistent threat (APT) is typically a nation-state or state-sponsored group of extremely stealthy, high-level threat actors. In the vast majority of cases, they attack strategically important organisations with the goal of cyberespionage and, in rarer cases, financial gain, since the cost of their cyberattacks is usually too high to turn a financial profit.
The Lazarus group has been one of the world’s most active threat actors since at least 2009, notable for its hunt for finances and its particular interest in cryptocurrencies. In 2021 Kaspersky detected its activity in South Africa.
“For the past three years, we saw a rapid decrease in cryptocurrency-related crime worldwide. However, in 2021, we saw cryptocurrency-related cybercrime booming on every level with the growth of bitcoins, especially in South Africa,” says Maria Garnaeva, Senior Security Researcher at the Kaspersky ICS CERT team.
“Generally speaking for the African region, the region has faced a number of complexities with aligning to fiat money regulatory requirements, including the infrastructure, processes and capacity to regulate and govern fiat money and transactions originating in local markets. So, on one hand, cryptocurrencies present massive attractive opportunities for more inclusive accessibility of financial services – and particularly for the ‘unbanked’ population. On the other hand, however, this potential is just as attractive to cybercriminals and threat actors, and therefore we have seen a boom in interest in alternative funds – and mostly in cryptocurrencies.”
“Lazarus schemes often include the laundering of money into cryptocurrencies, and therefore we anticipate that countries in Africa might interest them in this way as well apart from ordinary cyber espionage operations,” Garnaeva adds.
CloudComputating, a Chinese-speaking group detected in the region for the very first time, is another threat actor, one that has focused on cyber-espionage attacks on governmental and diplomatic entities. Its presence is likely a result of increased economic activity in the region as well as trade across the Maritime Silk Road.
“Like any crime, cybercrime appears in the areas of the most rapid development,” adds Garnaeva.
“The new actors in the region are merely reflecting the increased frequency and development of global communications and the growth of South Africa’s international agenda.”
Edited by Luis Monzon