LuckyMouse attacks on government networks & private companies

ESET unveils EmissarySoldier: The team campaign APT LuckyMouse attacks government networks and private companies (telecommunications, media and banks) in Central Asia and the Middle East

• The research included in the Report of the global cybersecurity company ESET on the Public Sector and which incorporates opinions of the European Commission, the CERN and Europol, was recently presented at a virtual conference for ESET Europe Cyber ​​Security Day.
• Η μεγαλύτερη και κοινός εχθρός για όλες τις κυβερνήσεις είναι οι ομάδες προηγμένων επίμονων απειλών (APT).

The European Union's cybersecurity strategy, like the strategy of all governments internationally, is challenged not only by the adoption of the "digital by default" principle, but also by the COVID-19 pandemic, by the mass application of teleworking (from home), as well as threats such as cyber espionage, ransomware and supply-chain attacks. But the biggest challenge of all, and a common enemy for all governments, is the Advanced Persistence Threat (APT) teams.

APT teams utilize sophisticated tools

ESET's global Public Sector's report on public sector was recently presented at a virtual conference for ESET Europe Cyber ​​Security Day. The report examines the potential threats posed by APT teams, highlights their complex nature, and focuses on the EmissarySoldier campaign, a malicious campaign launched by the APT LuckyMouse team using the SysUpdate toolkit to attack machines, some of which ran Microsoft SharePoint application.

This LuckyMouse team analysis looks at the relatively unknown SysUpdate toolkit - the first samples of which were discovered in 2018. Since then, the toolbox has seen various stages of development. The LuckyMouse team installs λογισμικό της εφαρμόζοντας μια στρατηγική τριών στοιχείων: μια νόμιμη εφαρμογή ευάλωτη σε παραβίαση DLL, ένα προσαρμοσμένο αρχείο DLL που φορτώνει κακόβουλο αρχείο και ένα αρχείο raw binary payload κρυπτογραφημένο με τον αλγόριθμο Shikata Ga Nai.

Overview of the three-element model

Because SysUpdate's modular architecture allows its operators to limit exposure to malicious objects at will, ESET researchers have not been able to recover any malicious part and believe that this will be a constant challenge in future analyzes. However, the LuckyMouse team increased its activity in 2020, possibly going through an update process where various functions were gradually integrated into the SysUpdate toolkit.

Monitoring the evolution of tools used by APT teams, such as the LuckyMouse team, is a key concern, as governments have a responsibility to ensure stability for citizens, the business environment and cooperation with other nation-states. These governance tasks are threatened as LuckyMouse and other APT teams, including government agencies and their affiliates, target broad collaboration platforms such as Microsoft SharePoint and digital services.

The Public Sector in focus

In 2020 and 2021, several ESET research collaborations matured, including collaborations with the European Organization for Nuclear Research (CERN), the European Police Office (Europol) and the French Information Systems Security Agency (ANSSI). As highlighted in the virtual event and in the report, governments and their IT infrastructure are considered to be the default targets.

According to the report, technology experts must continue to support governments in closing security gaps and monitor the tactics, techniques and procedures of APT teams through the various Endpoint detection and protection technologies available to them. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new by email.

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).