Buhtrap: ESET recently issued a notice on the discovery of a zero-day exploit used in a highly targeted attack in Eastern Europe. The exploit abused a local privilege escalation (LPE) vulnerability in Microsoft Windows.
ESET researchers have managed to identify the perpetrators: the well-known APT group Buhtrap, which mainly conducts espionage attacks in Eastern Europe and Central Asia. This is the first time ESET has seen the group use zero-day exploits in its campaigns.
The Buhtrap group is well known for targeting financial institutions, as well as businesses operating in Russia. However, since the end of 2015, ESET researchers have noticed an interesting change in the group's traditional target profile. From a group committing cybercrime purely for financial gain, Buhtrap evolved and expanded its arsenal with malware used for espionage.
Jean-Ian Boutin, ESET's top researcher, says:
It is always difficult to attribute a campaign to specific cybercriminals, since the source code of the tools they use is available on the web for everyone. However, as the shift in targets occurred before the source code went public, we greatly appreciated that the perpetrators behind Buhtrap's first malware attacks against businesses and banks were also involved in attacks on government agencies.
It is unclear whether one or more members of this group decided to change targeting, and for what reasons, but it is certainly something we may see happening more and more in the future.
As ESET's research shows, although new tools have been added to Buhtrap's arsenal and the old ones have been improved, the tactics, techniques and procedures used across its campaigns in recent years have not changed drastically.
To deliver the malicious payload, the cybercriminals often used seemingly harmless documents as decoys, so that the victim would not become suspicious when opening them. Analysis of these documents gives evidence of who the targets of these attacks might be. The tools used in the espionage campaigns are very similar to those used in attacks on businesses and financial institutions.
In this campaign, the malware included a password-stealing component that attempted to collect passwords from email clients, browsers and other applications and send them to a C&C server. The malware gave its operators full access to the compromised system.
More details about the Buhtrap group and its recent campaign can be found in the article "Buhtrap group uses zero-days in espionage campaigns" on WeLiveSecurity.com.