Kaspersky Lab uncovers group behind long-running extortion scheme

February 10, 2016 - 08:18 AMT

PanARMENIAN.Net - The first ever publicly-known Brazilian Portuguese-speaking cyber-espionage campaign has been uncovered, targeting financial institutions as well as telecommunications, manufacturing, energy and media companies, Infosecurity Magazine reports.

The Poseidon Group is an advanced threat actor active in global cyber-espionage operations. According to the Kaspersky Lab Global Research and Analysis Team, it was heretofore undiscovered despite being active since at least 2005.

“The Poseidon Group is a long-standing team operating on all domains: land, air and sea. Some of its command and control centers have been found inside ISPs providing Internet service to ships at sea, wireless connections as well as those inside traditional carriers,” said Dmitry Bestuzhev, director, Global Research and Analysis Team, Kaspersky Lab Latin America. “In addition, several of its implants were found to have a very short life span which contributed to this group being able to operate for such a long time without being detected.”

The group’s standard M.O. is to manipulate victim companies into contracting the Poseidon Group as a security consultant, under the threat of exploiting the stolen information in a series of shady business deals.

“What makes the Poseidon Group stand out is that it’s a commercial entity, whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims to coerce them into a business relationship,” researchers said in a blog post. “In addition, the malware is designed to function specifically on English and Brazilian Portuguese Windows machines, a first for a targeted attack.”

At least 35 victim companies have been identified. Along with various verticals, Kaspersky Lab experts have also detected attacks on service companies that cater to top corporate executives.
However, the victim spread is heavily skewed towards Brazil, where many of the victims have joint ventures or partner operations.

The Poseidon Group relies on spear-phishing emails with RTF/DOC files, usually with a human resources lure, that drop a malicious binary into the target’s system when clicked on. Once a computer is infected, the malware reports to the command and control servers before beginning a complex phase of lateral movement.

“This phase will often leverage a specialized tool that automatically and aggressively collects a wide array of information including credentials, group management policies and even system logs to better hone further attacks and assure execution of the malware,” the firm said, according to Infosecurity Magazine.

By doing this, the attackers actually know what applications and commands they can use without alerting the network administrator during lateral movement and exfiltration.
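The chain the article describes (a document lure drops a binary, the binary then reports to a command and control server) is one a defender can look for in endpoint process telemetry. The following detector is an added example written for this page; it is not code from the article, from Kaspersky Lab or from the Infosecurity Magazine report. It reads constructed, Sysmon-style `key=value` process-creation and network-connection events (the field names and every sample value are assumptions made for the demo, not real telemetry) and flags a document handler such as Word or WordPad spawning an executable, noting whether the executable lives in a user-writable path and whether it makes an outbound connection afterwards.

```python
"""Added example, not part of the original article or Kaspersky's report.

Flags the first stage of a document-lure chain: a document viewer spawning a
new binary, followed by that binary's first outbound connection. Log lines
are constructed in a Sysmon-like key=value format; the field names and
sample values are assumptions for the demo, not real telemetry.
"""
import re
from dataclasses import dataclass, field

# Processes that render RTF/DOC attachments. Spawning an .exe from one of
# these is unusual enough to warrant review; extend for the suite in use.
DOCUMENT_HANDLERS = {"winword.exe", "wordpad.exe", "excel.exe", "outlook.exe"}

# Locations a dropped payload is typically written to (user-writable paths).
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\[^\\]+\\downloads)\\", re.I)


@dataclass
class Alert:
    pid: int
    image: str
    reason: str
    related: list = field(default_factory=list)  # follow-on observations


def parse_event(line: str) -> dict:
    """Parse 'key=value key="quoted value"' into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines):
    """Return a list of Alert objects for suspicious process trees in the log."""
    alerts = []
    suspicious = {}  # pid -> Alert for processes spawned by a document handler
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") == "process_create":
            parent = basename(ev.get("parent_image", ""))
            image = ev.get("image", "")
            pid = int(ev["pid"])
            if parent in DOCUMENT_HANDLERS and basename(image).endswith(".exe"):
                reason = f"{parent} spawned {basename(image)}"
                if USER_WRITABLE.search(image):
                    reason += " from a user-writable path"
                alert = Alert(pid=pid, image=image, reason=reason)
                suspicious[pid] = alert
                alerts.append(alert)
        elif ev.get("event") == "network_connect":
            pid = int(ev["pid"])
            if pid in suspicious:
                # First beacon after the drop: the "reports to C2" step.
                suspicious[pid].related.append(f"outbound to {ev.get('dest')}")
    return alerts


# Constructed sample log: a benign Word launch, a payload dropped from Word
# (hypothetical name hr_policy.exe, matching the HR lure theme), its first
# outbound connection to a documentation-range address, and an unrelated
# benign process. None of these values come from the article.
SAMPLE_LOG = [
    'event=process_create pid=4120 image="C:\\Program Files\\Microsoft Office\\winword.exe" parent_image="C:\\Windows\\explorer.exe"',
    'event=process_create pid=4388 image="C:\\Users\\alice\\AppData\\Local\\Temp\\hr_policy.exe" parent_image="C:\\Program Files\\Microsoft Office\\winword.exe"',
    'event=network_connect pid=4388 dest=203.0.113.7:443',
    'event=process_create pid=5000 image="C:\\Windows\\System32\\notepad.exe" parent_image="C:\\Windows\\explorer.exe"',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"pid {a.pid}: {a.reason}; {'; '.join(a.related) or 'no follow-on activity'}")
```

The parent-child rule alone produces some noise (legitimate add-ins and updaters also spawn from Office), so the example carries the user-writable-path and outbound-connection observations alongside each alert rather than alerting on them separately; an analyst triaging the output sees the whole sequence for one process at once.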