Looking at Big Threats Using Code Similarity. Part 1

Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. Continue reading Looking at Big Threats Using Code Similarity. Part 1

‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

A notorious group of suspected Russian hackers have used a revamped tool to spy on governments in Eastern Europe and quietly steal sensitive documents from their networks, researchers said Tuesday. The discovery shines greater light on the operations of Turla, an elite cyber-espionage group that’s been around well over a decade and is widely believed to be working on behalf of Russia’s FSB intelligence agency. It’s the latest example of Turla’s ability to write code designed to lurk on victim computers for years and extract state secrets. Turla is “still actively developing complex and custom pieces of malware in order to achieve long-term persistence in their target’s network,” said Matthieu Faou, a malware researcher at anti-virus firm ESET, who analyzed the code. The attacks started roughly two years ago, and hit two foreign affairs ministries in Eastern Europe and a national parliament in the Caucasus region bordering Russia, according to […]

The post ‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find appeared first on CyberScoop.

Continue reading ‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

Russian intelligence-backed hackers go after Armenian government websites with new code

Computer code used by hackers tied to Russia’s FSB intelligence agency has haunted governments around the world for years. The hackers’ tools have been associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and used in a cunning hijacking of Iranian infrastructure more than two decades later. Now, malware analysts have surfaced a new piece of code that they say the Russian hacking group, dubbed Turla, is using to spy on government websites in the Eurasian country of Armenia. The Turla operatives set up malicious web infrastructure known as a “watering hole” in an apparent attempt to surveil Armenian government officials last year. “It is likely that the Turla operators already know who they want to target and may even know the ranges of IP addresses they generally use” before carrying out an operation, said Matthieu Faou, malware researcher at ESET, the antivirus firm that discovered the campaign. ESET knows of […]

The post Russian intelligence-backed hackers go after Armenian government websites with new code appeared first on CyberScoop.

Continue reading Russian intelligence-backed hackers go after Armenian government websites with new code

IT threat evolution Q3 2019

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news Continue reading IT threat evolution Q3 2019