Buhtrap: ESET recently issued a notice about the discovery of a zero-day exploit used in a highly targeted attack in Eastern Europe. The exploit targeted a local privilege escalation (LPE) vulnerability in Microsoft Windows.
ESET researchers have attributed the attack to the well-known APT group Buhtrap, which mainly carries out espionage attacks in Eastern Europe and Central Asia. This is the first time ESET has detected the group using a zero-day in its campaigns.
The Buhtrap group is well known for targeting financial institutions and businesses operating in Russia. Since the end of 2015, however, ESET researchers have noticed an interesting change in the group's traditional target profile. From a group committing cybercrime for purely financial gain, Buhtrap has evolved and expanded its arsenal with malware used for espionage.
Jean-Ian Boutin, a leading ESET researcher, says:
It is always difficult to attribute a campaign to specific cybercriminals, since the source code of the tools they use is available on the web for all to see. However, since the target shift happened before the source code was leaked, we are very confident that the perpetrators behind the first Buhtrap malware attacks against businesses and banks were also involved in the attacks against government organizations.
It is unclear whether one or more members of this group have decided to change targeting and for what reasons, but it is certainly something that we may see happening more and more in the future.
As ESET's research shows, although new tools have been added to Buhtrap's arsenal and the old ones have been improved, the tactics, techniques and procedures used across its campaigns in recent years have not changed drastically.
To deliver the malicious payload, the attackers often used decoy documents as bait, crafted so as not to raise suspicion when the victim opened them. Analysing these documents gives evidence of who the targets of these attacks might be. The tools used in the espionage campaigns are very similar to those used in the attacks on businesses and financial institutions.
In this campaign, the malware included a password-stealing component that attempted to collect credentials from email clients, browsers and other applications and send them to a command-and-control (C&C) server. The malware gave its operators full access to the compromised system.
More details about the Buhtrap group and its recent campaign are in the article "Buhtrap group uses zero-days in espionage campaigns" on WeLiveSecurity.com.