Skip to main content

APT groups are complex threat actors that deploy targeted attacks, active for years on end. These groups are often motivated by espionage, monetary gain, or in some cases, hacktivism. According to Kaspersky intelligence, some of the most prominent groups in the region are MuddyWater, FruityArmor and Sidewinder. Kaspersky also works with legal authorities, providing them with the intelligence needed to track cybercriminals behind these attacks.

These threat actors use a wide range of techniques to infiltrate their victims in the region. Social engineering is a common tactic used on social media or email, such as posting a fake job advert targeting software developers. APT groups also deploy sophisticated modular malwares like DeadGlyph and StealerBot, as well as weaponising legitimate, remote applications, online services and cloud platforms – a technique used by MuddyWater APT group to penetrate into the targeted site. Furthermore, these groups can target third party providers and infiltrate their victims through supply-chain. 

“The current geopolitical climate is a hotbed for APT activity, therefore, investigating these attacks and gaining intelligence on their movement is vital for security teams and corporations in Africa. Our research allows businesses and government entities to determine the significance of the threat posed, understand the attackers’ next move and accordingly be able to take the appropriate security steps to protect themselves,” said Amin Hasbini, Head of Global Research and Analysis team for Middle East, Turkiye and Africa at Kaspersky.

With every APT investigation, Kaspersky’s Global Research and Analysis Team (GReAT) publish comprehensive reports, available on Kaspersky’s Threat Intelligence Portal. The reports offer crucial APT detection and forensic capabilities, enabling effective mitigation and remediation.

In order to avoid falling victim to a targeted attack by APT groups, Kaspersky researchers also recommend implementing the following measures:

  • Limit access of third parties and require continuous inspection of access within their supply chain.
  • For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Next.
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
  • Energy sector and other critical infrastructures should use security solutions for operation technology endpoints and networks, such as Kaspersky Industrial CyberSecurity, to ensure comprehensive protection for all systems.
  • Upskill your cybersecurity team to tackle the latest threats with Kaspersky online training, developed by GReAT experts.
  • Educate employees depending on their IT knowledge with cybersecurity courses such as those available within Kaspersky Security Awareness Platform.

Kaspersky intelligence shows Government, Energy and Telecommunication institutions as main targets for APT groups in Africa

Researchers at Kaspersky keep a close eye on Advanced Persistent Threats (APTs) and are observing 9 active threat actors that currently target organisations in Africa. Whilst these threat actors target a wide range of entities, Kaspersky researchers identified Government, Energy and Telecommunications as the top targets in Africa.
Kaspersky Logo