Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism

In the face of allegations that Kaspersky Lab works hand-in-hand with Russian intelligence, the Moscow-based cybersecurity published a detailed report Wednesday exposing a complex and expansive cyber-espionage operation orchestrated by what appears to be a Russia-based hacking group. The research, authored by Kaspersky’s high-level GReAT team, reveals some of the techniques, processes and tools used by an attacker with similarities to two known hacking groups, Sofacy and Turla. Both of these groups are considered advanced persistent threats (APTs) and have been linked to the Russian government by U.S. cybersecurity firms CrowdStrike and FireEye. Kaspersky rarely attributes hacking groups to particular governments. This latest activity revealed by Kaspersky is codenamed “WhiteBear,” as it resembles but doesn’t match up entirely with known Sofacy or Turla operations. WhiteBear is likely a subgroup within or campaign of Turla group, the firm says. Based on a technical analysis by Kaspersky, WhiteBear’s recent activity appears to represent […]

The post Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism appeared first on Cyberscoop.

Continue reading Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism

Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies

The Turla APT’s WhiteBear toolset was used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and South America during most of 2016. Continue reading Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies

Researchers uncover maze of hidden backdoors in European embassy and ministry systems

A series of covert backdoor implants were secretly installed over the last year on dozens of computers used by embassies and foreign ministries across Southeast Europe and former Soviet states, according to new research published by cybersecurity firm ESET. The malicious software was sent to victims through targeted phishing emails and allowed for a skilled group of hackers to remotely spy on foreign government officials and collect intelligence. Some cybersecurity firms believe the hacking group exposed by ESET, known as Turla, is connected to Russian intelligence services.  The backdoor used by Turla has been codenamed Gazer. ESET describes Gazer as a stealthy and complex hacking tool that is difficult to detect. The implant receives encrypted code from an external server, which can execute commands either directly through the infected machine or via another computer on a shared network. In addition, ESET found evidence that Turla leverages a virtual file system […]

The post Researchers uncover maze of hidden backdoors in European embassy and ministry systems appeared first on Cyberscoop.

Continue reading Researchers uncover maze of hidden backdoors in European embassy and ministry systems

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure. Continue reading Introducing WhiteBear

New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Researchers uncover the activities of the notorious Turla cyberespionage group, and specifically a previously undocumented backdoor that has been used to spy on consulates and embassies worldwide.
Read more in my article on the We Live Security blog.
Continue reading New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.

Continue reading Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

APT Trends report Q2 2017

Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors. Continue reading APT Trends report Q2 2017