How Uzbekistan’s security service (allegedly) began developing its own malware

For years, Uzbekistan’s feared intelligence service, the National Security Service, has been accused of aggressively spying on citizens and abusing human rights in the Central Asian country under the guise of its counterterrorism and security operations. Now, the NSS’s reported use of hacking tools in that activity is coming into clearer view, thanks to new research. The ex-Soviet state’s security service appears to be shedding its hacking training wheels and making a lot of noise in the process. After burning multiple zero-day exploits acquired from vendors, an NSS-linked group dubbed SandCat has over the last year been testing malware it developed on its own, according to Brian Bartholomew, security researcher at cybersecurity company Kaspersky. The evolution shows how a proliferation of surveillance vendors has made it easier for relatively obscure governments to acquire and develop their own hacking tools. Before this project, Bartholomew hadn’t tracked any cyber activity out of Uzbekistan. “I […]

The post How Uzbekistan’s security service (allegedly) began developing its own malware appeared first on CyberScoop.


Researchers uncover new MuddyWater targeting of government, telecommunications entities

Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security. The first stage uses lure documents to exploit a known vulnerability in Microsoft Office that allows for remote code execution. The second stage lets the attackers communicate with hacked servers to download an infected file. “This is the first time MuddyWater has used these two vectors in conjunction,” ClearSky said in its research, which warned that just three antivirus engines were detecting the malicious documents analyzed. In one example, a document disguised as a United Nations development plan for Tajikistan was actually packed with malware. The malware was uploaded to VirusTotal, the […]

The post Researchers uncover new MuddyWater targeting of government, telecommunications entities appeared first on CyberScoop.


New APT group TajMahal operates as a ‘full-blown spying network,’ Kaspersky says

Researchers have uncovered an advanced persistent threat that for at least five years has used an array of hacking tools and covert automatic updates as part of a hacking campaign that bears little technical similarity to any other APT. The “TajMahal” cyber-espionage group uses software backdoors, audio recorders, keyloggers, screen and webcam grabbers, cryptography key stealers and up to 80 malicious modules as part of a “full-blown spying framework,” according to research published Wednesday by Kaspersky Lab. TajMahal relies on an entirely new base of code that has no similarities to other known malware or APT techniques, helping its operators avoid detection between August 2013 and April 2018, researchers found. “Just to highlight its capabilities, TajMahal is able to steal data from a CD burnt by a victim as well as from the printer queue,” Kaspersky said in a blog post. “It also can request to steal a particular file from […]

The post New APT group TajMahal operates as a ‘full-blown spying network,’ Kaspersky says appeared first on CyberScoop.
