Security researchers at Symantec discovered a large-scale cyber attack which is targeting embassies of former soviet states worldwide. The experts detected a huge cyber attack that has been carried out across more than 15 countries, the embassies in France, Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, Germany and other countries have been targeted by hackers. In time I’m writing, there aren’t further news on the specific state embassies targeted.
In cases like this, the first thought is that the operations are conducted by state-sponsored hackers, the bad actors used a couple of known malware in the attacks, named Wipbot and Tavdig, to infect systems in the targeted embassies probably for cyber espionage.
According to the researchers the attackers used a watering hole technique to infect victims at the embassies, it is likely that bad actors compromised websites visited by embassy personnel, it has been estimated that at least 84 websites have been hacked with this intent.
Watering hole attacks are very difficult to be detected and allow attackers to infect only the targeted communities of users.
The researchers speculated that the malware detected could have been used by bad actors in a first stage of the attack, in successive stages more complex malware (like Turla, Uroboros, Snake and Carbon) would then be spread.
” It appears that this combination of malware has been used for classic espionage-type operations for at least four years. Because of the targets chosen and the advanced nature of the malware used, Symantec believes that a state-sponsored group was behind these attacks.” states Symantec.
Some experts believe that the US is the State behind the attacks, but the analysis of the source of the hacking has been traced back to the UTC +4 timezone, which includes Moscow.
“In one instance, the malware delivered was disguised as a Shockwave installer bundle,” “”Wipbot was then used to gather further information about the infected computer.”
“If the attackers deemed the victim of interest, it appears likely that a second back door trojan with far greater capabilities was downloaded on to the victim’s computer.” said a Symnatec researcher in a statement.
Victims of the attacks were being redirected to Web servers where a ‘fingerprinting’ script was executed to gather identifying information about the visitor’s PC. The bad actors in this phase were collecting data which would be used to choose the best exploits to compromise the targeted machine.
[adrotate banner=”9″]
(Security Affairs – Turla APT group, cyber espionage)
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…
This website uses cookies.