InvisiMole malware delivered by Gamaredon hacker group

LASER_oneXM
Thread author
Security researchers have demystified the attack chain of the elusive InvisiMole cyberespionage group, revealing a complicated multi-stage format that relies on vulnerable legitimate tools, target-specific encryption of payloads, and stealthy communication.

InvisiMole gets access to the target network through Gamaredon, a threat actor linked to Russia that runs reconnaissance operations and identifies valuable systems.
Both attack groups have been operational for at least seven years, and despite their collaboration they are considered distinct threat actors due to the clear difference in attack tactics and techniques.

Legitimate tools used in attack chains

InvisiMole malware was publicly documented for the first time in 2018, being classified as complex spyware of undetermined origin that can track victims’ geographical location, spy via webcam, take screenshots, record audio, and steal documents.

Recently uncovered versions also use the Media Transfer Protocol (MTP) to steal photos from mobile phones connected to the infected computer.
... ...
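The article above mentions "target-specific encryption of payloads" as one reason the chain is hard to analyse. The following is an added illustration of that idea, not code from the article, from ESET, or from the malware itself: the decryption key is never shipped with the payload but derived from identifiers that only exist on the intended host, so a sample lifted from that machine (or detonated in a sandbox) fails to decrypt anywhere else. The host identifiers, the salt, and the two sample machines are all constructed for the demo, and the SHA-256 counter-mode keystream with an HMAC tag is a stdlib-only toy standing in for a real AEAD cipher.

```python
"""Target-bound payload encryption (constructed demo, standard library only)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def derive_target_key(machine_guid: str, computer_name: str, volume_serial: int) -> bytes:
    """Derive a key from host-specific values (assumed identifiers; any stable
    per-machine value would do). The sample carries this derivation, not the key."""
    fingerprint = f"{machine_guid}|{computer_name.upper()}|{volume_serial:08x}".encode()
    # Fixed demo salt; a real loader would hard-code its own.
    return hashlib.pbkdf2_hmac("sha256", fingerprint, b"demo-salt", 100_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_payload(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = nonce or os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_payload(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag does not verify
    (wrong host -> wrong derived key -> tag mismatch)."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed sample hosts: the intended victim and an analyst's sandbox.
TARGET = ("3f2c9d1a-7b6e-4f10-9c3d-2a1b0c9d8e7f", "WS-FINANCE-07", 0x1A2B3C4D)
SANDBOX = ("9e8d7c6b-5a4f-4e3d-8c2b-1a0f9e8d7c6b", "DESKTOP-ANALYST", 0x00000001)


def demo() -> Tuple[bool, bool]:
    """(decrypts on the target?, decrypts in the sandbox?)"""
    payload = b"<stage-2 loader bytes: constructed placeholder>"
    target_key = derive_target_key(*TARGET)
    blob = encrypt_payload(target_key, payload)
    on_target = decrypt_payload(target_key, blob) == payload
    in_sandbox = decrypt_payload(derive_target_key(*SANDBOX), blob) is not None
    return on_target, in_sandbox


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The practical consequence for defenders is that a captured blob plus the loader is not enough to recover the next stage; the analyst also needs the exact identifier values from the victim host (or a memory image taken while the payload was decrypted), which is why host-level triage on the compromised machine matters more here than static analysis of the dropped files.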
 
Hello,
Just wondering, these "stealers" can steal anything from the computers on the LAN. Would it be nice to protect any endpoints with software like Spyshelter?
When properly configured on critical endpoints, Spyshelter can deflect a lot of these kinds of "attacks".

Kind regards,
-sepik