According to Kaspersky, the tense geopolitical landscape combined with rapid digitalization has made the Asia-Pacific (APAC) region a global cyber espionage hotspot. Kaspersky's Global Research and Analysis Team (GReAT) is currently tracking more than 900 advanced persistent threat (APT) groups and campaigns, many of which focus heavily on APAC.
Ms. Noushin Shabab, Head of Security Research at Kaspersky's Global Research and Analysis Team (GReAT), revealed that several major cyber espionage groups are quietly targeting state secrets, military intelligence and other sensitive data held by governments in the region.
The most prominent is SideWinder, considered the most aggressive group in the region. It specializes in targeting governments, militaries and diplomats, and especially the maritime and logistics sectors, in Bangladesh, Cambodia, Vietnam, China, India and the Maldives. In early 2025 the group expanded to South Asian energy facilities and nuclear plants, using sophisticated phishing emails carrying malware. SideWinder has also targeted Sri Lanka, Nepal, Myanmar, Indonesia and the Philippines.
Spring Dragon (also known as Lotus Blossom) focuses on Vietnam, Taiwan and the Philippines, using spear-phishing, exploits and watering-hole attacks. Over roughly a decade the group has deployed more than 1,000 malware samples against Southeast Asian government agencies.
Tetris Phantom, discovered in 2023, initially targeted specialized secure USB drives. In 2025 the group added the BoostPlug and DeviceCync tools, which allow it to install the ShadowPad, PhantomNet and Ghost RAT malware.
HoneyMyte focuses on stealing political and diplomatic data in Myanmar and the Philippines, using the ToneShell malware delivered through various downloaders.
ToddyCat has targeted high-level individuals in Malaysia since 2020, using tools built on publicly available source code to bypass legitimate security software and maintain covert access.
Lazarus, the infamous group behind the Bangladesh Bank heist, continues to pose a significant threat. In early 2025, its Operation SyncHole combined watering-hole attacks with exploits for third-party software to target South Korean organizations. Kaspersky discovered a zero-day vulnerability in Innorix Agent used in the campaign; at least six critical businesses were attacked.
Mysterious Elephant, discovered in 2023, uses a backdoor capable of executing commands and manipulating files, and is linked to the Dropping Elephant, Bitter and Confucius groups. In 2025 the group expanded its targets to Pakistan, Sri Lanka and Bangladesh.
In response, Kaspersky recommends that organizations detect threats accurately, react quickly, and thoroughly remediate security vulnerabilities. Recommended measures include keeping software up to date on all devices; conducting comprehensive security reviews of digital infrastructure; deploying Kaspersky Next solutions with real-time protection, monitoring and response at the EDR/XDR level; and equipping InfoSec teams with data from Kaspersky Threat Intelligence for early identification and mitigation of risks.
Source: https://nld.com.vn/canh-bao-apt-nham-vao-bi-mat-quoc-gia-va-co-so-hat-nhan-tai-apac-196250819230427496.htm