Buhtrap: ESET recently issued a notice on the discovery of a zero-day exploit that was used in a highly targeted attack in Eastern Europe. The exploit relied on a local privilege escalation (LPE) vulnerability in Microsoft Windows.
ESET researchers have managed to identify the perpetrators: the well-known APT group Buhtrap, which mainly engages in espionage attacks in Eastern Europe and Central Asia. This is the first time ESET has seen the group use zero-day exploits in its campaigns.
The Buhtrap group is well known for targeting financial institutions and businesses operating in Russia. However, since the end of 2015, ESET researchers have noticed an interesting change in the group's traditional target profile. From a group committing cyber crime purely for financial gain, Buhtrap has evolved and expanded its "arsenal" with malicious programs used for espionage.
Jean-Ian Boutin, ESET's top researcher, says:
It is always difficult to attribute a campaign to specific cybercriminals when the source code of the tools they use is available on the web for everyone. However, since the shift in targeting occurred before the source code leaked, we are very confident that the perpetrators behind the first Buhtrap malware attacks against businesses and banks were also involved in the attacks against government organizations.
It is unclear whether one or more members of this group have decided to change targeting and for what reasons, but it is certainly something that we may see happening more and more in the future.
As ESET's research shows, although new tools have been added to Buhtrap's arsenal and the old ones have been improved, the tactics, techniques and procedures used in its various campaigns in recent years have not changed drastically.
To spread the malicious payloads, the cybercriminals often used harmless-looking documents as bait, so that they would not arouse suspicion when the victim opened them. Analysis of these documents yields data about who the targets of these attacks might be. The tools used in the espionage campaigns are very similar to those used in attacks against businesses and financial institutions.
In this campaign, the malware contained a password-stealing component that tried to collect passwords from email clients, browsers, etc. and send them to a C&C server. The malware gave its operators full access to the compromised system.
More details about the Buhtrap group and its recent campaign are in the article "Buhtrap group uses zero-days in espionage campaigns" on WeLiveSecurity.com.