- Apr 21, 2016
A highly sophisticated malware which allows hackers to get their hands on sensitive data and to eavesdrop on victims' networks is targeting businesses in Ukraine.
According to threat intelligence firm CyberX, this new operation has already managed to siphon over 600 gigabytes of data from about 70 victims, all businesses from various areas of work, including news media and scientific research, but also critical infrastructure.
"Operation BugDrop" is the name given to this malware campaign, which mainly targets victims in Ukraine, as well as in Russia, Austria, and Saudi Arabia. The perpetrators are unknown at this point, but given the details of the operation uncovered so far, they may be government-backed and well resourced.
"Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources. In particular, the operation requires a massive back-end infrastructure to store, decrypt and analyze several GB per day of unstructured data that is being captured from its targets. A large team of human analysts is also required to manually sort through captured data and process it manually and/or with Big Data-like analytics," reads the blog post detailing the operation.
What does it do?
The malware was designed specifically to infiltrate the victim's computer, grab screenshots, collect documents and passwords, and, more importantly, to turn on the PC's microphone to capture audio recordings of all conversations taking place around the infected device.
Like much other malware, this one reaches its victims via malicious Microsoft Word documents sent in phishing emails. The documents contain embedded malicious macros, which are normally disabled unless the user expressly tells the application to run them. Once the malware is deployed, the infected computer sends all the captured data to Dropbox, where the attackers retrieve it. This is a particularly well-thought-out plan, since most organizations don't monitor data flowing to Dropbox.
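The two points above (macro-bearing Word attachments as the delivery vehicle, and Dropbox as an unmonitored exfiltration channel) lend themselves to simple defensive checks. The following is an added example written for this article, not code from CyberX's report or from the campaign itself: one function detects whether an OOXML Word file carries a VBA project (the `word/vbaProject.bin` part), and another aggregates upload volume to Dropbox endpoints per client from web-proxy logs and flags hosts above a threshold. The log format, the sample log lines, the sample documents, the Dropbox hostname list and the 100 MiB threshold are all constructed assumptions for illustration.

```python
"""Defensive checks for the two BugDrop traits described in the article.

Constructed example: the proxy log format, sample log lines, sample documents,
hostname list and threshold are assumptions, not CyberX's detection logic.
"""
import io
import re
import zipfile
from collections import defaultdict

# --- Check 1: does a Word attachment carry VBA macros? -----------------------

def has_vba_project(doc_bytes: bytes) -> bool:
    """True if an OOXML Word file contains a VBA project part.

    OOXML files are zip containers; macros live in word/vbaProject.bin.
    Anything that is not a valid zip is treated as 'no macros' here, so a
    caller should still route such files to whatever handles legacy .doc.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            return any(name.lower() == "word/vbaproject.bin" for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def build_sample_doc(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML-like zip, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder content
    return buf.getvalue()


# --- Check 2: who is pushing large volumes to Dropbox? -----------------------

# Constructed proxy log lines in an assumed simplified format:
# <timestamp> <client_ip> <method> <host> <bytes_sent> <status>
SAMPLE_LOG = """\
2016-04-21T09:00:01Z 10.1.2.3 POST content.dropboxapi.com 52428800 200
2016-04-21T09:05:10Z 10.1.2.3 POST content.dropboxapi.com 73400320 200
2016-04-21T09:07:44Z 10.1.2.7 GET www.dropbox.com 1200 200
2016-04-21T09:12:00Z 10.1.2.3 POST content.dropboxapi.com 61865984 200
2016-04-21T09:30:00Z 10.1.2.9 POST content.dropboxapi.com 2097152 200
2016-04-21T10:00:00Z 10.1.2.3 POST api.dropboxapi.com 512 200
"""

# Assumed list of Dropbox hostnames worth watching; extend from your own proxy data.
DROPBOX_HOSTS = {
    "content.dropboxapi.com",
    "api.dropboxapi.com",
    "www.dropbox.com",
    "dl.dropboxusercontent.com",
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (\d+)$")


def parse_line(line: str):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, host, nbytes, status = m.groups()
    return {"ts": ts, "client": client, "method": method,
            "host": host, "bytes": int(nbytes), "status": int(status)}


def upload_bytes_per_client(log_text: str, hosts=DROPBOX_HOSTS) -> dict:
    """Sum bytes sent by each client to the watched hosts (uploads only)."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the pipeline
        if rec["host"] in hosts and rec["method"] in ("POST", "PUT"):
            totals[rec["client"]] += rec["bytes"]
    return dict(totals)


def flag_exfil_candidates(log_text: str, threshold_bytes: int = 100 * 1024 * 1024) -> list:
    """Return clients whose Dropbox upload volume meets the assumed threshold."""
    totals = upload_bytes_per_client(log_text)
    return sorted(client for client, sent in totals.items() if sent >= threshold_bytes)


if __name__ == "__main__":
    print("macro doc flagged:", has_vba_project(build_sample_doc(True)))
    print("clean doc flagged:", has_vba_project(build_sample_doc(False)))
    print("upload totals:", upload_bytes_per_client(SAMPLE_LOG))
    print("exfil candidates:", flag_exfil_candidates(SAMPLE_LOG))
```

The threshold is a per-window byte count, so in practice it should be computed over a fixed time window and baselined against each host's normal cloud usage; a workstation that suddenly pushes hundreds of megabytes to a file-sharing API, as the article describes, stands out against that baseline even when the destination itself is a sanctioned service.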