A new modular and malware designed to target diplomatic and government entities was spotted by ESET researchers while being utilized in attacks aimed at Russian-speaking individuals for at least 7 years. The espionage malware strain dubbed Attor by the researchers comes with some unusual capabilities including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting using the AT protocol.”The attackers who use Attor are focusing on diplomatic missions and governmental institutions,” says ESET malware researcher Zuzana Hromcová.
ESET reported that this campaign began at least seven years ago. Keeping track of network activity over such a long period of time is difficult, but not for organizations that perform network security monitoring. NSM software like Zeek could create high fidelity yet compact network transactions logs, suitable for long-term, inexpensive storage. When a victim organization suspects it may be affected by a long-term adversary campaign, it could retrieve those Zeek records from storage and accelerate its detection, response, and recovery process.