Wednesday, April 8, 21:37

Kaspersky identifies APT group referenced in the 2017 Shadow Brokers leak

After two years, Kaspersky has managed to identify one APT group that was referenced in the 2017 Shadow Brokers leak.

In 2017, a hacking group known as Shadow Brokers published a "data dump" called "Lost in Translation".

The data dump contained several exploits and hacking tools that the hackers had stolen from the NSA. One of the most famous exploits published is EternalBlue, which was used in the destructive WannaCry, NotPetya and Bad Rabbit ransomware attacks of 2017.

The "data dump" also contained a file named sigs.py.

NSA hackers used this file as a malware scanner on infected computers. Essentially, they scanned computers to search for other APTs (this term is usually used to describe state hacking teams).

The sigs.py script was able to detect 44 other APTs. Many of these groups were unknown to the cybersecurity industry in 2017 (when the leak happened). This means that the NSA had an important tool in its hands that could detect and track the activities of many dangerous APT groups.


However, last month Kaspersky published a report stating that it had managed to locate one of the mysterious APT groups.

The researchers named the group "DarkUniverse" and said that these hackers were active from 2009 to 2017. After the Shadow Brokers leak, their tracks were lost.

"The suspension of their activities may be related to the publication of 'Lost in Translation'. They may also have decided to switch to more modern approaches," Kaspersky said.

20 victims in Africa, Europe and the Middle East

Kaspersky said it found 20 victims of this APT group, who came from Russia, Belarus, Syria, Iran, Afghanistan, Ethiopia, Sudan, Tanzania and the United Arab Emirates.

The victims were mainly politicians and military organizations, medical institutions, atomic energy providers and telecommunications companies.

However, Kaspersky experts are sure that the actual number of victims is much higher.

As for the DarkUniverse malware framework, researchers found code overlapping with the ItaDuke malware / APT, which has been used to attack Uighur and Tibetan minorities.

However, it is not certain if DarkUniverse's malware comes from Chinese hackers. More information is needed.

According to Kaspersky researchers, the DarkUniverse malware framework is a typical trojan that allows remote access, but it is particularly advanced and dangerous. In the picture below you can see its capabilities.

Absent Mia