Hi Lib Tech,
The Citizen Lab's Seth Hardy has authored a new research post, "APT1's GLASSES –
Watching a Human Rights Organization,"
which analyzes some malware targeting civil society that relates to data in the
much-discussed Mandiant report.
Key Findings
• Malware (“GLASSES”) sent in 2010 is a simple downloader that is
closely related to the GOGGLES malware described by Mandiant in their APT1
report.
• GLASSES was sent in a highly targeted email to a Tibetan human rights
organization, demonstrating that APT1 is involved in more than just industrial
and corporate espionage, with attacks against civil society actors documented
as early as almost three years ago.
• The methods and infrastructure of this attack are consistent with
those described in Mandiant’s APT1 report, e.g., spear phishing against an
English-speaking target, having an infrastructure of compromised machines for
malware distribution and C2 operation.
• The GLASSES sample analyzed shares a large percentage of code and an
operational C2 server with a GOGGLES sample, indicating that they are from the
same source.
• The GOGGLES sample we discovered that communicates to the shared C2
server is not exactly the same as described in the Mandiant report, indicating
that GLASSES may be a variant of GOGGLES, and that the software has been used
while under active development.
Link here for those interested in the further and complete details:
https://citizenlab.org/2013/02/apt1s-glasses-watching-a-human-rights-organization/
Regards
Ron
Ronald J. Deibert
Professor of Political Science
Director, The Canada Centre for Global Security Studies and
The Citizen Lab
Munk School of Global Affairs
University of Toronto
[email protected]
http://deibert.citizenlab.org/
twitter.com/citizenlab