

State-backed APT cyberattacks expand operations, with Türkiye among top targets

'In 2024, we have detected about 25 advanced persistent threats in the META region that are focused on cyber espionage,' Maher Yamout, principal security researcher at Kaspersky’s Global Research and Analysis Team, tells Anadolu

Sibel Morrow  | 01.06.2025 - Update : 01.06.2025

THAILAND

State-backed advanced persistent threat (APT) groups are intensifying their global operations, with Türkiye emerging as one of the primary targets in 2024 and 2025, according to cybersecurity firm Kaspersky.

In 2024, APT actors primarily targeted government institutions, as well as the telecommunications, finance, energy, and defense sectors. Notable groups included Lazarus, HoneyMyte, Kimsuky, Charming Kitten, and SideWinder. By 2025, the list expanded to include Salt Typhoon, APT42, and TetrisPhantom, alongside SideWinder and Kimsuky, indicating a rise in both the scope and sophistication of attacks.

Maher Yamout, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), told Anadolu: “In 2024, we detected about 25 APTs in the META region that are focused on cyber espionage, meaning they are trying to hack into the systems in these countries so they can steal sensitive information and use it in their analysis.”

He highlighted that most of these groups focus on government agencies, with ministries of foreign affairs and other state institutions being primary targets.

Kaspersky also observed a sharp rise in attacks leveraging AI-powered techniques, with some groups aiming not only to steal information but to disrupt critical infrastructure.

SideWinder was identified as one of the region’s most active APT actors for the second consecutive year, with TetrisPhantom and APT42 appearing on the radar for the first time in 2025.

Türkiye leads online threat exposure in META region

According to Kaspersky's data for the first quarter of 2025, online threats affected 26.1% of users in Türkiye, the highest rate in the Middle East, Türkiye and Africa (META) region. Kenya came second at 20.1%, followed by Qatar at 17.8% and South Africa at 17.5%.

At least 25 APT groups, including SideWinder, Origami Elephant, and MuddyWater, are being actively monitored across the region. The increasing use of mobile device exploits and advanced evasion techniques indicates that these attacks are becoming more sophisticated.

APT attacks driven by strategic, not financial, motives

Yamout emphasized the stark difference between conventional cybercriminals and state-sponsored threat actors.

Traditional cybercriminals aim to steal usernames, passwords, and credit card information to sell on the dark web, while APT groups are after strategic data, economic intelligence, or military secrets.

He highlighted that geopolitical and economic developments are the main reasons why countries like Türkiye, Egypt, and Pakistan are increasingly targeted.

“There is also a technological aspect,” he said, elaborating: “Because certain countries are supporting other countries in the real world with some military technologies and some economical manufacturing and so forth. So, they create an interest for other APTs to get into that country and understand them better up close. Therefore, they will try to hack into those countries’ systems to obtain sensitive information. They want to learn the answers to questions such as what technologies they are using and what they are producing.”


APT communication via YouTube raises red flags

Among the most memorable incidents in his career, Yamout recalled a cyberattack conducted by mercenary hackers who used a YouTube video to indirectly communicate with malware installed on a victim's machine.

“It might not have been the most technically sophisticated, but it was certainly the most interesting,” he said.

Yamout explained that, instead of having the malware on the victim’s machine connect directly to its command-and-control server, the attackers posted a seemingly harmless YouTube video and embedded the server’s address in that video’s description or comments; the malware fetched the video page and read the address from there, so its only outbound connection at first sight was to YouTube.

“This was interesting because it was indirect communication with the virus server, and it's even stealthy, because when you look at the virus initially, it's communicating with YouTube, so you'll not feel that there's something wrong,” Yamout said.
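The indirection Yamout describes is what threat-intelligence reports usually call a dead-drop resolver. The Python below is an added example written for this article, not code from Kaspersky or from the incident he recalls. It builds a constructed stand-in for a video page whose description hides a base64-encoded server address between two made-up markers, shows the implant-side lookup, and, going beyond the article, adds a defender-side scan of free text for base64 runs that decode to a URL or IP:port. The marker names, the example domain, the page layout and the heuristic thresholds are all assumptions.

```python
"""Dead-drop resolver demo: how malware can pull its C2 address out of a
public video page's description, and one heuristic a defender can apply to
the same text. Everything here is constructed; no real service is contacted."""
from __future__ import annotations

import base64
import ipaddress
import re
from html import unescape

# Constructed stand-in for the page a video site returns. Only the description
# block matters; the operators hide a base64-encoded address between two
# markers (##c2## ... ##end##) invented for this example.
SAMPLE_PAGE = """<html><body>
<h1>Vacation highlights 2024</h1>
<div id="description">Thanks for watching, music by a friend.
Follow me for more: ##c2## aHR0cHM6Ly9leGFtcGxlLWNkbi5pbnZhbGlkL2FwaS92MQ== ##end##</div>
<div class="comment">Great video!</div>
</body></html>"""

# Implant side: the exact markers the operators agreed on.
MARKER_RE = re.compile(r"##c2##\s*([A-Za-z0-9+/=]+)\s*##end##")
# Defender side: any base64-looking run long enough to hold a URL or host:port.
B64_RUN_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
URL_RE = re.compile(r"^(https?://\S+|(\d{1,3}\.){3}\d{1,3}(:\d{1,5})?)$")


def extract_description(page: str) -> str:
    """Pull the description block out of the (constructed) page HTML."""
    m = re.search(r'<div id="description">(.*?)</div>', page, re.S)
    return unescape(m.group(1)) if m else ""


def resolve_c2(page: str) -> str | None:
    """Implant side: recover the C2 address, or None if the page carries none.
    The implant only ever connects to the video site and to what this returns,
    so the operator can move the server by editing the description."""
    m = MARKER_RE.search(extract_description(page))
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def _decodes_to_endpoint(blob: str) -> str | None:
    """Return the decoded text if it is a URL or IPv4[:port], else None."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if not URL_RE.match(text):
        return None
    if text[0].isdigit():  # plain IP[:port]; reject malformed octets
        try:
            ipaddress.ip_address(text.split(":")[0])
        except ValueError:
            return None
    return text


def find_hidden_endpoints(text: str) -> list[str]:
    """Defender side: markers are attacker-chosen and unknown in advance, so
    instead scan free text for base64 runs that decode to a URL or IP:port.
    Returns the decoded endpoints (empty list for ordinary descriptions)."""
    found = []
    for m in B64_RUN_RE.finditer(text):
        endpoint = _decodes_to_endpoint(m.group(0))
        if endpoint:
            found.append(endpoint)
    return found


if __name__ == "__main__":
    print("implant would contact:", resolve_c2(SAMPLE_PAGE))
    print("suspicious blobs in description:",
          find_hidden_endpoints(extract_description(SAMPLE_PAGE)))
    print("clean text:", find_hidden_endpoints("Great video, thanks for sharing!"))
```

The text heuristic will fire on any base64 blob that happens to decode to a URL, so it is a triage aid rather than a verdict. The stronger signal in the incident as described is the process context: a non-browser process that fetches the same video page on a schedule and then opens a connection to whatever address appeared in that page's text.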
