Poseidon Group: a malware business with aggressive operations

Poseidon Group: a large-scale digital campaign, conducted mainly in Brazilian Portuguese and aimed at financial institutions, telecommunications organizations, industrial companies, energy providers and mass media, is revealed for the first time.

Kaspersky Lab's Global Research and Analysis Team announced the discovery of the Poseidon Group, an advanced threat actor that has been conducting global digital espionage operations since at least 2005. What makes the Poseidon Group unique is that it is a "commercial" entity, whose operations include custom malware, digitally signed with forged certificates, designed to steal sensitive data from victims in order to coerce them into business relationships. In addition, the malware is designed to run specifically on computers with Windows installed in English or Brazilian Portuguese, something observed for the first time in the history of targeted attacks.

At least 35 victim organizations have been identified, with the main targets including financial and government organizations, telecommunications providers, industrial companies, energy companies and other utilities, as well as mass media and public relations firms. Kaspersky Lab experts have also detected attacks on service companies catering to top business executives. Victims of this group have been identified in the following countries:

  • USA
  • France
  • Kazakhstan
  • United Arab Emirates

However, the distribution of the victims points strongly to Brazil, where many of them have joint ventures or business partnerships.

One of the features of the Poseidon Group is the active exploration of domain-based corporate networks. According to Kaspersky Lab's analysis, the Poseidon Group relies on spear-phishing emails carrying RTF/DOC attachments (usually with a human-resources lure), which drop a malicious binary onto the target system when the victim opens them. Another important finding is the presence of Brazilian Portuguese. The group's preference for Portuguese-language systems, as evidenced by the samples, is a practice that has not been observed before.
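One defensive check that follows from this delivery method, added here as an example and not part of the article or of Kaspersky Lab's tooling: a small Python scanner that decodes the hex-encoded `\objdata` streams of an RTF file and flags any that carry an embedded PE executable. It validates the candidate through the `e_lfanew` pointer rather than a bare "MZ" string, so ordinary text inside an embedded object does not trip it. The sample documents, the OLE1-style prefix and the fake PE header are constructed for the demonstration; the layout of the group's real droppers is not described on the page.

```python
import re

# Matches an RTF \objdata control word followed by its hex-encoded payload.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def extract_objdata(rtf: bytes) -> list:
    """Return the decoded binary payload of every \\objdata stream in the RTF."""
    blobs = []
    for match in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s", b"", match.group(1))
        if len(hexdata) % 2:            # tolerate a truncated trailing nibble
            hexdata = hexdata[:-1]
        blobs.append(bytes.fromhex(hexdata.decode("ascii")))
    return blobs


def find_embedded_pe(blob: bytes):
    """Return the offset of a PE executable inside blob, or None.

    A bare "MZ" is not enough: the e_lfanew field at MZ+0x3c must point at a
    "PE\\0\\0" signature, which rules out text that merely contains "MZ".
    """
    idx = blob.find(b"MZ")
    while idx != -1:
        if idx + 0x40 <= len(blob):
            e_lfanew = int.from_bytes(blob[idx + 0x3C:idx + 0x40], "little")
            pe_off = idx + e_lfanew
            if blob[pe_off:pe_off + 4] == b"PE\0\0":
                return idx
        idx = blob.find(b"MZ", idx + 1)
    return None


def scan_rtf(rtf: bytes) -> list:
    """List (objdata index, PE offset) for every embedded executable found."""
    hits = []
    for i, blob in enumerate(extract_objdata(rtf)):
        off = find_embedded_pe(blob)
        if off is not None:
            hits.append((i, off))
    return hits


# --- constructed samples (not real Poseidon artefacts) ----------------------

def _fake_pe() -> bytes:
    """Minimal, non-executable stand-in for a PE file: an MZ header whose
    e_lfanew points at a PE signature at offset 0x40."""
    header = bytearray(b"MZ" + b"\x00" * 0x3A)      # 0x3c bytes of DOS header
    header += (0x40).to_bytes(4, "little")           # e_lfanew
    header += b"PE\0\0" + b"\x00" * 20               # PE signature + padding
    return bytes(header)


def _rtf_with_objdata(payload: bytes) -> bytes:
    """Wrap a payload in a tiny RTF document with one embedded object."""
    return (b"{\\rtf1\\ansi{\\*\\objdata " + payload.hex().encode()
            + b"}\\par Candidate CV attached}")


# Lure document carrying a dropper: constructed OLE1-style prefix + fake PE.
SAMPLE_DROPPER_RTF = _rtf_with_objdata(
    b"\x01\x05\x00\x00\x02\x00\x00\x00" + _fake_pe())
# Embedded object that merely contains the letters "MZ" in text: not a PE.
SAMPLE_TEXT_OBJECT_RTF = _rtf_with_objdata(b"Position: MZ division manager")
# Plain RTF with no embedded objects at all.
SAMPLE_PLAIN_RTF = b"{\\rtf1\\ansi Job description\\par}"

if __name__ == "__main__":
    for name, doc in [("dropper", SAMPLE_DROPPER_RTF),
                      ("text-object", SAMPLE_TEXT_OBJECT_RTF),
                      ("plain", SAMPLE_PLAIN_RTF)]:
        print(name, scan_rtf(doc))
```

The scanner reports only the dropper sample; a document whose embedded object contains "MZ" as text, or no object at all, produces no hit. On real mail-gateway input the same check would run over every RTF attachment before delivery.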

Once a computer is infected, the malware reports to the command and control servers before beginning a complex "lateral movement" phase. In this phase, a specialized tool is often used that automatically and aggressively collects a wide range of information, including credentials, group management policies and even system logs, in order to better prepare further attacks and to ensure that the malware keeps running. In this way the attackers know exactly which applications and commands they can use without "raising an alarm" for the network administrator during the lateral movement and data exfiltration procedures.

The information collected is then used by a front company, so that the latter can convince the victim companies to hire the Poseidon Group as a security consultant, under the threat of exploiting the stolen information in a series of suspicious business deals for the benefit of the Poseidon Group.

"The Poseidon Group has been active for a long time in many areas. Some of its command and control centres have been found at Internet connectivity providers that offer their services to sea-going vessels, wireless connections as well as traditional carriers," said Dmitry Bestuzhev, Director of Kaspersky Lab's Global Research and Analysis Team in Latin America. "In addition, many of the 'implants' they use have a very short life span, which has allowed this group to operate for a very long time without being identified."

As the Poseidon Group has been active for at least ten years, the techniques used to build its implants have evolved, making it difficult for many researchers to correlate indicators and "complete the puzzle" of the case. However, by carefully collecting all the evidence, studying the threats and reconstructing the attacker's timeline, Kaspersky Lab's experts were able to establish in mid-2015 that traces previously identified but never attributed actually belonged to the same threat actor, the Poseidon Group.

Kaspersky Lab products detect and remove all known malware versions of the Poseidon Group.

The full report on the Poseidon Group's operations, which includes a detailed description of the malicious tools and indicators of compromise, is available on Securelist.com.

iGuRu.gr

Written by Dimitris
