0 記錄)
We found results matching "0" in 0 ms
  • Kaspersky researchers discover Russian cyber espionage against Russia

    時間: Oct. 10, 2020

    Steganography-transmitted malware has been used to spy on industrial targets in Russia.

     

    A recently discovered attack sheds light on how cyber espionage can be used not only for the interests of the nation-state, but also for potentially competitive or other espionage purposes.

     

    Researchers at Moscow-based Kaspersky Company discovered and analyzed a cyberattack campaign they called MontysThree.

     

    The global industrial sector has had its share of malware infections, both targeted and undirected, for several years. Attacks on corporate technology networks have increased, and according to a new survey by industrial security firm Claroty, about 56% of industrial sector organizations around the world have experienced more cyber threats during the COVID-19 pandemic.

     

    MontysThree, apparently unconnected to the threat groups Kaspersky currently tracks, uses relatively unusual techniques in its attack campaign, including steganography, a sophisticated method of hiding malware behind images, and a relatively cumbersome HTTP Remote Access communication method. via remote desktop protocol. The group also put a false flag in the code of some of their email files to appear as a Chinese-speaking actor.

     

    Loader malware disguised as steganography in phishing email uses a bitmap file to hide the malware. Decoys are SFX RAR files that contain employee contact names, documentation, and medical results.

     

    Steganography is an old but rarely used obfuscation method and it is not easy to use. Legezo believes that the attackers attempted to sneak past IDS / IPS tools on victimized networks by hiding the malware behind seemingly innocent image files.

     

    MontysThree encrypts user data and primarily searches for Microsoft and Adobe Acrobat files. At the same time, the usual spying tasks of gathering information about the configuration and characteristics of the target computers are performed. Attackers store your stolen files on public cloud services like Google, Microsoft, and Dropbox to camouflage their activities and avoid alarms from security tools.

     

    MontysThree also uses an interesting method for remote access communication instead of incorporating communication protocols into the malware.

     

    Attackers also use Citrix clients: "Citrix communication proceeds in the same way: the malware does not implement the protocol, but looks for Windows Quick Launch .lnk for XenApp pnagent.exe, runs Internet Explorer remotely and communicates with it at via the Clipboard with special keyboard shortcuts, ”says Kaspersky's whitepaper on the attack.

     

    They were also discovered in other errors by novice attackers: connecting to RAM and files at the same time and storing the encryption keys in the same file.

     

    Despite this, Legezo believes that MontysThree is still fine-tuning and polishing its attack frame and is therefore following the group closely.

     

    buy kaspersky internet security cheap kaspersky key buy cheap kaspersky kaspersky antivirus key

歡迎來到bzfuture登錄。

New users register get 20% discount BTS15 for software products

還沒有註冊?   立即註冊

使用第三方帳戶登錄:

  • google
  • Twitch
  • Youtube

歡迎來到bzfuture註冊。

20% discount code: BTS15 for all software products
  • 電子郵件地址 *(Used To Receive Key)

    請輸入有效電子郵件。

  • 密碼*

    6至16個字母,數字和特殊字符。

  • 確認密碼*

  • 名字* *

  • 我已閱讀並同意 
    訂閱bzfuture優惠,競賽和新聞快訊。

已經有一個Gamedeal帳戶?   現在登入

使用第三方帳戶登錄

  • google
  • Twitch
  • Youtube

提示:

increase-the_programe_has_been_successfully

提示:

increase-the_programe_has_been_successfully

提示:

系統忙。請等待,然後重試。

成功註冊

安全驗證

You have an unextracted key !
一個新項目已添加到您的購物車中。