Comments On New Malware Spies On Diplomats, High-Profile Government Targets

A new modular and malware designed to target diplomatic and government entities was spotted by ESET researchers while being utilized in attacks aimed at Russian-speaking individuals for at least 7 years. The espionage malware strain dubbed Attor by the researchers comes with some unusual capabilities including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting using the AT protocol.”The attackers who use Attor are focusing on diplomatic missions and governmental institutions,” says ESET malware researcher Zuzana Hromcová.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Richard Bejtlich
Richard Bejtlich , Principal Security Strategist
InfoSec Expert
October 14, 2019 2:04 pm

ESET reported that this campaign began at least seven years ago. Keeping track of network activity over such a long period of time is difficult, but not for organizations that perform network security monitoring. NSM software like Zeek could create high fidelity yet compact network transactions logs, suitable for long-term, inexpensive storage. When a victim organization suspects it may be affected by a long-term adversary campaign, it could retrieve those Zeek records from storage and accelerate its detection, response, and recovery process.

Last edited 2 years ago by Richard Bejtlich
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x