The Arab Portal for Technical News
Kaspersky Lab has uncovered infrastructure used by the subversive Russian-speaking group known as Crouching Yeti, a known advanced persistent threat (APT) actor. The infrastructure of this group, which is also known by the name Energetic Bear, was discovered on compromised servers all over the world.
Kaspersky Lab's research showed that the group has been able to compromise many servers in different countries since 2016, sometimes as a way to reach other resources, and in other cases to use servers, including ones hosting Russian websites, as an outlet for reaching companies through the method known as watering holes.
Crouching Yeti is considered a sophisticated Russian-speaking group active in advanced persistent threats, and Kaspersky Lab has been tracking its activity since 2010. It is known to target industrial sectors all over the world, with a primary focus on energy facilities, with the aim of stealing valuable data from the large systems that fall victim to it.
Among the group's various attack methods is what is known as watering holes, where the attackers insert a link into websites used heavily by a company's employees in order to direct visitors to a malicious server.
Kaspersky Lab recently discovered a number of servers compromised by the group, belonging to several companies in Russia, the United States, Turkey and European countries, and not limited to industrial companies. According to the company's researchers, these servers were targeted in 2016 and 2017 for different purposes, so in some cases they were used as intermediaries to carry out attacks on other resources.
During their analysis of the infected servers, the researchers were able to identify many websites and servers used by organizations in Russia, the United States, Europe, Asia and Latin America that the attackers had scanned with different tools, possibly to find a server that could be used to host the attackers' tools and then launch attacks from.
Some of the scanned sites may have interested the attackers as candidates for watering holes to trap victims. The researchers found that the range of sites and servers that captured the attackers' attention was massive: they scanned many websites of various kinds, including online shops and services, public institutions, non-governmental organizations, manufacturing companies and others.
The experts also found that the group used publicly available malicious tools designed for analyzing servers and for seeking out and collecting information. They also found a modified sshd file with a preinstalled backdoor; this file was used to replace the original file on the device and can be operated using a “master password”.
Vladimir, head of the vulnerability research group at Kaspersky Lab's emergency response team for industrial control systems, confirmed that the Russian-speaking Crouching Yeti group has a notorious reputation, has been active for several years, and is still successfully targeting industrial companies through watering hole attacks and other methods. He said: “Our findings show that the group hacked the servers not only to create watering holes to trap victims, but also to conduct further checks, and it has been active in using open source tools to make identifying it afterwards difficult.”
He added: “The group's activities, such as those involving initial data, confidential data, identity verification and the checking of resources, are harnessed in order to wage more attacks, and the diversity of infected servers and checked resources indicates that the group may have been working for the benefit of other parties.”
Kaspersky Lab recommends that companies implement a comprehensive system of protection against advanced threats that includes dedicated security solutions for detecting attacks and handling incidents, in addition to making use of expert services and threat intelligence.
Kaspersky Lab identifies the infrastructure of the subversive Crouching Yeti group