Buhtrap: the group behind the zero-day attacks

ESET recently published an analysis of a zero-day exploit that was used in a highly targeted attack in Eastern Europe. The exploit abused a local privilege escalation (LPE) vulnerability.

ESET's researchers attributed the attack to the well-known APT group Buhtrap, which mainly conducts espionage attacks in Eastern Europe and Central Asia. This is the first time ESET has observed the group using a zero-day exploit in its campaigns.

Buhtrap's targets

The Buhtrap group is well known for targeting financial institutions and businesses operating in Russia. Since the end of 2015, however, ESET researchers have noticed an interesting shift away from the group's traditional targets. From a group committing purely financially motivated cybercrime, Buhtrap evolved and expanded its arsenal with malware used for espionage.

ESET researcher Jean-Ian Boutin says:

It is always difficult to attribute a campaign to specific cybercriminals once the source code of the tools they use is available on the web for everyone. However, since the shift in targeting took place before the source code was leaked, we are highly confident that the perpetrators behind the first Buhtrap malware attacks against businesses and banks were also involved in the attacks against government organizations.

It is unclear whether one or more members of this group decided to change their targeting, or for what reasons, but it is certainly something we may see happening more and more in the future.

Key events in the Buhtrap group's history (ESET image)

As ESET's research shows, although new tools have been added to Buhtrap's arsenal and the old ones have been improved, the tactics, techniques and procedures used across its campaigns in recent years have not changed drastically.

To deliver the malicious payloads, the attackers often used harmless-looking decoy documents so that nothing would arouse suspicion when the victim opened them. Analysis of these documents gives clues about who the targets of the attacks might be. The tools used in the espionage campaigns are very similar to those used in the attacks against businesses and financial institutions.

In this campaign, the malware included a password stealer that attempted to harvest passwords from email clients and other programs and send them to a C&C server. The malware also gave its operators full access to the compromised system.

ESET reported the vulnerability to the Microsoft Security Response Center, which fixed it and released a patch.

More details about the Buhtrap group and its recent campaign are in the article "Buhtrap group uses zero-days in espionage campaigns" on WeLiveSecurity.com.


iGuRu.gr

Written by newsbot
