ESET Research: Operation Buhtrap

Late in 2014, we noticed and started to track an undocumented malicious campaign targeting Russian businesses, one that has been active for well over a year. The malware used in this campaign is a mix of off-the-shelf tools, NSIS-packed malware and bespoke spyware that abuses Yandex’s Punto software, a program for Russian users which silently and automatically changes the keyboard language depending on what the user is typing. Once the cybercriminals have compromised a computer, they use custom tools to analyze its content, install a backdoor and finally deploy a malicious module that spies on the system and can enumerate smart cards.


This campaign is of particular interest as the techniques used by these cybercriminals are often associated with targeted attacks and not generally used by financially-motivated cybercriminals. Although we believe it to be a different campaign, it shares some similarities with Anunak/Carbanak in terms of techniques, tactics and procedures it uses. In this blog post, we will cover this campaign, its targets, and the tools used by these criminals.
