Proofpoint discusses its recent discovery of a new Advanced Persistent Threat (APT) that is targeting Indian diplomatic and military resources. What initially appeared to be a relatively small email campaign sent to Indian embassies in Saudi Arabia and Kazakhstan now appears connected to watering hole sites targeting Indian military personnel, as well as to other campaigns designed to drop a remote access Trojan (RAT) that Proofpoint has dubbed “MSIL/Crimson”. This RAT has a variety of data exfiltration functions, including screen capture and keylogging.
Researchers at Proofpoint:
Proofpoint has released a new paper around its discovery, which can be found here, however key takeouts are below:
- The RAT being dropped here has over 40 functions for data exfiltration and potential cyberespionage and is being dropped via email, watering hole sites, and other vectors.
- Analysis showed that many of the campaigns and attacks appear related by common IOCs, vectors, payloads, and language, although the exact nature and attribution associated with this APT remains under investigation.
- While our investigation of this threat is ongoing, this serves as an important reminder that wars are no longer waged solely on the ground or in the air. Rather, threat actors (whether from nation-states or private parties with interests in international conflicts) will use a variety of cyber tools to achieve their goals.
About Proofpoint: Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.