Buhtrap the team behind zero-day attacks

Buhtrap: ESET recently published a notice on the discovery of a "zero-day" exploit that was used in a highly targeted attack in Eastern Europe. The attack technique exploited a local privilege escalation (LPE) vulnerability.

ESET's researchers have managed to identify the perpetrators: the well-known APT group Buhtrap, which mainly carries out espionage attacks in Eastern Europe and Central Asia. This is the first time ESET has observed the group using zero-day exploits in its campaigns.

Buhtrap's targets

The Buhtrap group is well known for targeting financial institutions and businesses operating in Russia. However, since the end of 2015, ESET's researchers have noticed an interesting change in the group's traditional target profile. From a group committing purely financially motivated cybercrime, Buhtrap evolved and expanded its "arsenal" with malicious programs used for espionage.

Jean-Ian Boutin, ESET's top researcher, says:

It is always difficult to attribute a campaign to specific cybercriminals, since the source code of the tools they use is freely available on the web. However, as the shift in targets occurred before the source code leaked, we assess with high confidence that the same people behind the first Buhtrap malware attacks against businesses and banks are also involved in attacks on government organizations.

It is unclear whether one or more members of this group decided to change their targeting, or why, but it is certainly something we may see happening more and more in the future.

Key events in the Buhtrap group's timeline (ESET image)

As ESET's research shows, although new tools were added to Buhtrap's arsenal and the old ones were improved, the tactics, techniques and procedures used in its various campaigns over the past years have not changed drastically.

To deliver the malicious payload, the cybercriminals often used decoy documents as bait, so that the victim would not become suspicious when opening them. Analysis of these documents gives evidence of who the targets of these attacks might be. The tools used in the espionage campaigns are very similar to those used in the attacks on businesses and financial institutions.

In this campaign, the malware included a password stealer that attempted to collect passwords from email clients, browsers and other applications and send them to a C&C server. It gave its operators full access to the compromised system.

ESET immediately reported the matter to the Microsoft Security Response Center, which in turn fixed the vulnerability and issued a patch.

More details about the Buhtrap group and its recent campaign are in the article "Buhtrap group uses zero-days in espionage campaigns" on WeLiveSecurity.com.


Written by newsbot
