The gate Arab news technical
Researchers at Kaspersky Lab have noted that the well-known Russian-speaking cybercrime gang Sofacy has begun turning its attention to military, defence and diplomatic bodies and organizations operating in the Far East, in addition to organizations associated with NATO, which are its traditional targets.
The researchers found that the gang, also known as APT28 or Fancy Bear, sometimes overlaps in its activity with other groups, including the Russian-speaking Turla and the Chinese-speaking Danti.
Among the more interesting findings was the presence of backdoors on a server of a military aerospace organization in China that had previously been compromised by the English-speaking threat group behind the Lamberts malware family.
Sofacy is a powerful group, highly active in the cyber domain, that Kaspersky Lab researchers have been tracking for several years. In February, Kaspersky Lab published a summary of the gang's activities in 2017, which revealed its gradual shift away from NATO-related targets towards the Middle East, Central Asia and beyond.
Sofacy uses phishing attacks and sometimes so-called "watering hole" attacks, in which the group booby-traps legitimate websites that the victim visits, in order to steal information, including account credentials, contacts and sensitive documents. It has also been linked to the delivery of destructive payloads to various targets.
The new findings show that Sofacy is not the only actor active in these regions, and that targets sometimes overlap between several threat actors. In Sofacy's case, the researchers found scenarios in which its Zebrocy malware competed for access to victims with the Russian-speaking Mosquito Turla cluster, or in which its SPLM attacks competed with traditional attacks by both Turla and the Chinese-speaking Danti. The shared targets included government departments and technology and military institutions located in or operating in the Central Asian region.
In some cases, targets appeared to be attacked separately by both SPLM and Zebrocy. The most curious overlap, however, was most likely the one between Sofacy and the English-speaking threat group behind the Lamberts attacks.
The link between the two was discovered after the researchers found traces of Sofacy on a server that earlier information had indicated was compromised by the Grey Lambert malware. The server belongs to a Chinese company that designs and manufactures aviation and air defence technologies.
However, the original delivery vector for the SPLM attack remains unknown in this instance, which raises a number of possible hypotheses: that Sofacy may be using an as-yet-undiscovered exploit or a new strain of backdoor, or that it was somehow able to harness Grey Lambert's communication channels to download its malware.
It may also mean that the indicators of Sofacy's presence are a false flag, planted during the earlier Lambert malware presence on the server. The researchers are working on the belief that the most likely explanation is that a new, unknown PowerShell script or a legitimate but vulnerable web application was exploited to load and execute the SPLM code in this case.
Kurt Baumgartner, a principal security researcher at Kaspersky Lab, noted that Sofacy is sometimes portrayed as a brutal and reckless gang, but stressed that what can be seen by monitoring its activity is that it is "realistic and responsible". He said: "I want thorough reports on the activity of the group in the countries of the Far East, but obviously they are not the only disruptive actors that care about that region, or even about the same targets, and we may see further examples of overlapping targets, especially given the increasing complexity of the cyber threat landscape. This may explain why many disruptive actors check for the presence of third parties in victims' systems before targeting them and launching their attacks."
The researchers also found that Sofacy now maintains a distinct subdivision for each of its sabotage tools, with clusters for coding, development and targeting for each of SPLM (also known as CHOPSTICK and Xagent), GAMEFISH and Zebrocy.
SPLM is considered Sofacy's primary tool and is often its choice for second-stage attacks, while Zebrocy is used for high-volume attacks. According to the researchers, in early 2018 Sofacy targeted large commercial enterprises in China's air defence sector with SPLM, while using Zebrocy on a wider scale across Armenia, Turkey, Kazakhstan, Tajikistan, Afghanistan, Mongolia, China and Japan.
Kaspersky Lab recommends that organizations managing operations related to military, defence and diplomatic activities in the affected regions take the following actions to avoid falling victim to an advanced targeted attack:
- Use a proven security solution with strong technologies for combating targeted attacks and threats.
- Give security staff access to the latest threat data, which arms them with helpful tools for researching and preventing targeted attacks, such as indicators of compromise, YARA rules and custom reports on advanced threats.
- If early signs of an attack are identified, consider managed security services, which allow advanced threats to be detected proactively, reduce dwell time and enable a timely incident response.
The Sofacy gang turns its attention toward military and diplomatic bodies