
First ever publicly-known Brazilian Portuguese-speaking cyberespionage campaign targeting financial institutions as well as telecommunications, manufacturing, energy and media companies

TENERIFE, SPAIN – February 9, 2016 – /BackupReview.info/ — The Kaspersky Lab Global Research and Analysis Team has announced the discovery of the Poseidon Group, an advanced threat actor active in global cyber-espionage operations since at least 2005. What makes the Poseidon Group stand out is that it’s a commercial entity, whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims to coerce them into a business relationship. In addition, the malware is designed to function specifically on English and Brazilian Portuguese Windows machines, a first for a targeted attack.

At least 35 victim companies have been identified with primary targets including financial and government institutions, telecommunications, manufacturing, energy and other service utility companies, as well as media and public relations firms. Kaspersky Lab experts have also detected attacks on service companies that cater to top corporate executives. Victims of this group have been found in the following countries:

  • United States
  • France
  • Kazakhstan
  • United Arab Emirates
  • India
  • Russia

However, the victim spread is heavily skewed towards Brazil, where many of the victims have joint ventures or partner operations.

One of the characteristics of the Poseidon Group is an active exploration of domain-based corporate networks. According to Kaspersky Lab’s analysis report, the Poseidon Group relies on spear-phishing emails carrying RTF/DOC files, usually with a human resources lure, that drop a malicious binary onto the target’s system when the document is opened. Another key finding is the presence of Brazilian-Portuguese language strings. The Group’s preference for Portuguese systems, as revealed by the samples, is a practice that has not previously been seen.

Once a computer is infected, the malware reports to the command and control servers before beginning a complex phase of lateral movement. This phase will often leverage a specialized tool that automatically and aggressively collects a wide array of information including credentials, group management policies, and even system logs to better hone further attacks and assure execution of the malware. By doing this, the attackers actually know what applications and commands they can use without alerting the network administrator during lateral movement and exfiltration.

The information gathered is then leveraged by a fronting business to manipulate victim companies into contracting the Poseidon Group as a security consultant under the threat of exploiting the stolen information in a series of shady business deals to benefit Poseidon.

“The Poseidon Group is a long-standing team operating on all domains: land, air and sea. Some of its command and control centers have been found inside ISPs providing Internet service to ships at sea, wireless connections as well as those inside traditional carriers,” said Dmitry Bestuzhev, Director, Global Research and Analysis Team, Kaspersky Lab Latin America. “In addition, several of its implants were found to have a very short life span which contributed to this group being able to operate for such a long time without being detected.”

As the Poseidon Group has been active for at least ten years, the techniques used to design its implants have evolved, making it hard for many researchers to correlate indicators and put all of the pieces together. However, by carefully collecting all the evidence, working with the threat actor’s calligraphy and reconstructing the attacker’s timeline, Kaspersky Lab experts were able to establish by the middle of 2015 that previously detected but unidentified traces in fact belonged to the same threat actor, the Poseidon Group.

Kaspersky Lab’s products detect and remove all known versions of Poseidon Group components.

To read the full report on the Poseidon Group, with a detailed description of the malicious tools and statistics together with indicators of compromise, see Securelist.com.

Learn how sophisticated targeted attacks are investigated: http://www.youtube.com/watch?v=FzPYGRO9LsA

More about cyberespionage operations here: https://apt.securelist.com/

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at www.kaspersky.com

For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah Kitsos
781.503.2615
sarah.kitsos@kaspersky.com
www.kaspersky.com

Source: Kaspersky Lab
