InvisiMole malware delivered by Gamaredon hacker group

LASER_oneXM

Security researchers have demystified the attack chain of the elusive InvisiMole cyberespionage group, revealing a complicated multi-stage format that relies on vulnerable legitimate tools, target-specific encryption of payloads, and stealthy communication.

InvisiMole gets access to the target network through Gamaredon, a threat actor linked to Russia that runs reconnaissance operations and identifies valuable systems.
Both attack groups have been operational for at least seven years and despite their collaboration, they are considered distinct threat actors due to the clear difference in attack tactics and techniques.

Legitimate tools used in attack chains

InvisiMole malware was publicly documented for the first time in 2018, being classified as complex spyware of undetermined origin that can track victims’ geographical location, spy via webcam, take screenshots, record audio, and steal documents.

Recently uncovered versions also use the Media Transfer Protocol (MTP) to steal photos from mobile phones connected to the infected computer.
... ...

sepik

Hello,
Just wondering, these "stealers" can steal anything on the LAN computers. Would it be nice to protect any endpoints with software like Spyshelter?
When properly configured on critical endpoints, Spyshelter can deflect a lot of these kinds of "attacks".

Kind regards,
-sepik