SweX
Posted April 10, 2015

Late in 2014, we noticed and started to track an undocumented malicious campaign targeting Russian businesses, and that has been active for well over a year. The malware used in this campaign is a mix of off-the-shelf tools, NSIS-packed malware and bespoke spyware that abuses Yandex’s Punto software, a program for Russian users which silently and automatically changes the keyboard language depending on what the user is typing. Once the cybercriminals have compromised a computer, they use custom tools to analyze its content, install a backdoor and finally deploy a malicious module that spies on the system and can enumerate smart cards.

This campaign is of particular interest as the techniques used by these cybercriminals are often associated with targeted attacks and not generally used by financially-motivated cybercriminals. Although we believe it to be a different campaign, it shares some similarities with Anunak/Carbanak in terms of techniques, tactics and procedures it uses. In this blog post, we will cover this campaign, its targets, and the tools used by these criminals.

hxxp://www.welivesecurity.com/2015/04/09/operation-buhtrap/