Kaspersky Lab researchers have discovered a wave of cyber-espionage targeted attacks aimed at Central Asian diplomatic organisations. The Trojan, called “Octopus”, which was disguised as a version of a popular and legitimate online messenger, was attracting users amid the news of a possible ban on Telegram messenger in the region. Once installed, Octopus provided attackers with remote access to victims’ computers.
Threat actors are constantly seeking exploitable modern trends and adjusting their methods in order to jeopardise users’ privacy and sensitive information across the world. In this case, the possible prohibition of the widely-used Telegram messenger allowed threat actors to plan attacks using the Octopus Trojan, subsequently providing the hackers with remote access to a victim’s computer.
Threat actors distributed Octopus within an archive disguised as an alternative version of Telegram messenger for Kazakh opposition parties. The launcher was disguised with a recognisable symbol of one of the opposition political parties from the region, and the Trojan was hidden inside. Once activated, the Trojan gave the actors behind the malware opportunities to perform various operations with data on the infected computer, including, but not limited to, deletion, blocks, modifications, copying and downloading. Thus, the attackers were able to spy on victims, steal sensitive data and gain backdoor access to the systems. The scheme has some similarities with an infamous cyber-espionage operation called Zoo Park, in which the malware used for the APT was mimicking a Telegram application to spy on victims.
Using Kaspersky algorithms that recognise similarities in software code, security researchers discovered that Octopus could have links to DustSquad – a Russian-speaking cyber-espionage actor previously detected in former USSR countries in Central Asia, as well as Afghanistan, since 2014. Within the last two years the researchers have detected four of their campaigns with custom Android and Windows malware aimed both at private users and diplomatic entities.
“Central Asia has been a hub for threat actors targeting diplomatic entities in 2018. DustSquad has been operating in this region for a several years and it is possible that they could be the group behind this threat. Apparently, the interest in this region’s cyberaffairs is growing steadily. We strongly advise people and organisations in this region to keep a watchful eye on their systems – and ensure their employees do the same,” says David Emm, Principal Security Researcher at Kaspersky Lab.
To reduce the risk of sophisticated cyberattacks, Kaspersky Lab recommends implementing the following measures:
· Educate staff on digital hygiene and explain how to recognise and avoid potentially malicious applications or files. For example, employees should not download and launch any apps or programs from untrusted or unknown sources.
· Use a robust endpoint security solution with Application Control functionality that limits an application’s ability to launch or access critical system resources.
· Implement a set of solutions and technologies against targeted attacks such as Kaspersky Anti Targeted Attack Platform and Kaspersky EDR. These can help detect malicious activity across the network and effectively investigate and respond to attacks by blocking their progress.
· Make sure that your security team has access to a professional threat intelligence.
Read the full report on the Securelist.com
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.