http://arstechnica.com/security/2015/09/seven-years-of-malware-linked-to-russian-state-backed-cyberespionage/
By Sean Gallagher
Ars Technica
Sep 17, 2015
For the past seven years, a cyberespionage group operating out of
Russia—and apparently at the behest of the Russian government—has
conducted a series of malware campaigns targeting governments, political
think tanks and other organizations. In a report issued today, researchers
at F-Secure pulled together their own research with the published work of
other security firms to provide an in-depth look at a group they label
“the Dukes,” which has been active since at least 2008 and has evolved
into a methodical developer of “zero-day” attacks, giving a more detailed
picture of the people behind a long-running family of malware.
Characterized by F-Secure researchers as a “well resourced, highly
dedicated and organized cyberespionage group,” the Dukes have mixed
wide-spanning, blatant “smash and grab” attacks on networks with more
subtle, long-term intrusions that harvested massive amounts of data from
their targets, which range from foreign governments to criminal
organizations operating in the Russian Federation. “The Dukes primarily
target Western governments and related organizations, such as government
ministries and agencies, political think tanks and governmental
subcontractors,” the F-Secure team wrote. “Their targets have also
included the governments of members of the Commonwealth of Independent
States; Asian, African, and Middle Eastern governments; organizations
associated with Chechen terrorism; and Russian speakers engaged in the
illicit trade of controlled substances and drugs.”
The first known targets of the Dukes’ earliest-detected malware, known as
PinchDuke, were associated with the Chechen separatist movement; by 2009
the Dukes were going after Western governments and organizations in search
of information about the diplomatic activities of the United States and
the North Atlantic Treaty Organization. While most of the attacks have used
spear phishing emails as the means of delivering malware onto targeted
systems, one of their attacks spread malware through a malicious Tor exit
node in Russia, targeting users of the anonymizing network by injecting
malware into their downloads.
The known components of the Duke malware family, in the order they have
been detected by malware researchers at F-Secure, Kaspersky, Palo Alto
Research and others, are:
[...]