The infamous Sednit cyber-espionage group that has attacked various financial institutions in the past has recently started to use a new exploit kit to distribute their malware, ESET’s research lab is reporting. Among the attacked websites is a large financial institution in Poland. ESET has uncovered that the group uses domains similar to those of existing websites related to the military, defence and foreign affairs to infect computers with their malware.
“We recently came across cases of legitimate financial websites being redirected to a custom exploit kit. Based on our research and on some information provided by the Google Security Team, we were able to establish that it is used by the Sednit group. This is a new strategy for this group which has relied mostly on spear-phishing emails up until now,” says ESET researcher Joan Calvet.
Featured Download: CISO Data Breach Guide
ESET has in particular analysed redirections to the exploit kit from websites belonging to a large financial institution in Poland. In its attack, Sednit is misusing legitimate websites related to military and defence issues. During the exploit attack, Sednit installs remotely-controlled malware with various malicious activities onto the systems. “This might be indicative of an ongoing campaign against those sectors,” adds Calvet.
In recent years, exploit kits have become a major method employed to spread crimeware, malware intended for mass-scale distribution to facilitate financial fraud and abuse of computing resources for purposes such as sending spam, Bitcoin mining, and credentials harvesting. Since 2012, ESET has observed that this strategy is being used for espionage as well in what has become known as “watering-hole attacks” or “strategic web compromises.” A watering-hole attack can be described as redirecting traffic from websites likely to be visited by members of a specific target organisation or industry.
More details and screenshots of the Sednit threat can be found at ESET Ireland’s blog.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.