Comments On New Malware Spies On Diplomats, High-Profile Government Targets

By ISBuzz Team
Writer, Information Security Buzz | Oct 14, 2019 06:00 am PST

A new modular malware designed to target diplomatic and government entities was spotted by ESET researchers after being used for at least 7 years in attacks aimed at Russian-speaking individuals. The espionage malware strain, dubbed Attor by the researchers, comes with some unusual capabilities, including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting using the AT protocol. "The attackers who use Attor are focusing on diplomatic missions and governmental institutions," says ESET malware researcher Zuzana Hromcová.

Richard Bejtlich, Principal Security Strategist
October 14, 2019 2:04 pm

ESET reported that this campaign began at least seven years ago. Keeping track of network activity over such a long period of time is difficult, but not for organizations that perform network security monitoring. NSM software like Zeek could create high-fidelity yet compact network transaction logs, suitable for long-term, inexpensive storage. When a victim organization suspects it may be affected by a long-term adversary campaign, it could retrieve those Zeek records from storage and accelerate its detection, response, and recovery process.

Last edited 4 years ago by Richard Bejtlich
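
An added example, not part of the comment above or of ESET's report: a retrospective search over an archived Zeek conn.log in Zeek's TSV format, reporting for each internal host its first and last contact with a set of indicator addresses. The log lines and indicator IPs are constructed (documentation address ranges); the page itself lists no indicators.

```python
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of an archived Zeek conn.log (TSV); addresses are documentation ranges.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state",
    "1357034400.000000\tCa1\t10.0.0.5\t49152\t203.0.113.7\t443\ttcp\tSF",
    "1357038000.000000\tCa2\t10.0.0.9\t49153\t198.51.100.20\t80\ttcp\tSF",
    "1546336800.000000\tCa3\t10.0.0.5\t49154\t203.0.113.7\t443\ttcp\tSF",
    "1546340400.000000\tCa4\t10.0.0.12\t49155\t203.0.113.99\t9001\ttcp\tS0",
    "#close\t2019-01-01-12-00-00",
])

def read_zeek_tsv(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in io.StringIO(text):
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record seen before #fields header")
            yield dict(zip(fields, line.split("\t")))

def retro_hunt(text, indicator_ips):
    """Per internal host: connection count, first/last seen, and indicator peers contacted."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "peers": set()})
    for rec in read_zeek_tsv(text):
        if rec["id.resp_h"] not in indicator_ips:
            continue
        ts = float(rec["ts"])
        h = hits[rec["id.orig_h"]]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["peers"].add(rec["id.resp_h"])
    return dict(hits)

def iso(ts):
    """Render a Zeek epoch timestamp as UTC ISO 8601."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

if __name__ == "__main__":
    indicators = {"203.0.113.7", "203.0.113.99"}  # constructed placeholder indicators
    for host, h in sorted(retro_hunt(SAMPLE_CONN_LOG, indicators).items()):
        days = (h["last"] - h["first"]) / 86400
        print(f"{host}: {h['count']} conns, {iso(h['first'])} .. {iso(h['last'])} ({days:.0f} days)")
```

The first-seen and last-seen values per host bound the period of contact, which is what scopes response when an indicator list arrives years after the activity began.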
