Pawn Storm Hacking Develops New Tools For Cyberespionage
Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage
A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.
Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.
During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.
The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.
However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.
Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.
“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”
Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html
More Trojan Malware Found On Macs
Following the outbreak of the Flashback Mac Trojan, security researchers have identified two more cases of Mac OS X malware. The good news is most Mac owners have little reason to worry about them.
Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.
The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.
Fortunately, this malware isn’t a threat to most users for a few reasons: It may have only been used in targeted attacks, Raiu wrote, with links to malicious Websites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down.
Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as vector, distributed by e-mail.