Comments On New Malware Spies On Diplomats, High-Profile Government Targets

A new modular malware designed to target diplomatic and government entities was spotted by ESET researchers; it has been used in attacks aimed at Russian-speaking individuals for at least 7 years. The espionage malware strain, dubbed Attor by the researchers, comes with some unusual capabilities, including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting using the AT protocol. “The attackers who use Attor are focusing on diplomatic missions and governmental institutions,” says ESET malware researcher Zuzana Hromcová.

Experts Comments

October 14, 2019
Richard Bejtlich
Principal Security Strategist
Corelight
ESET reported that this campaign began at least seven years ago. Keeping track of network activity over such a long period of time is difficult, but not for organizations that perform network security monitoring. NSM software like Zeek could create high-fidelity yet compact network transaction logs, suitable for long-term, inexpensive storage. When a victim organization suspects it may be affected by a long-term adversary campaign, it could retrieve those Zeek records from storage and accelerate its detection, response, and recovery process.