Russian, North Korean, and Iranian advanced persistent threat operations
have been launching more attacks aimed at compromising small- and medium-sized businesses, as well as their regional managed service providers, reports SecurityWeek
Aside from leveraging breached SMB infrastructure in phishing campaigns, sophisticated APTs have also been targeting SMBs for financial theft operations while compromising regional MSPs to enable supply chain attacks, a report from Proofpoint revealed.
Such targeting has been observed in a phishing campaign early this year launched by Iranian state-backed hacking operation TA450 against Israel-based regional MSPs and IT support businesses, said researchers.
"While more rare and often much more targeted than cybercrime activity, Proofpoint data indicates that APT actors remain interested in SMB targets that align with their broader mandates. This means that some of the most formidable cyber threat actors in the landscape maintain an interest in targeting businesses that are commonly under-protected against cyber security threats such as phishing campaigns," Proofpoint said.