The University of Toronto's Citizen Lab reports that it's found multiple infestations of NSO Group's Pegasus intercept tool in British Government devices, specifically in phones used by the Foreign, Commonwealth and Development Office (FCDO) and the Prime Minister's office.

VMware discerns "a fundamental restructuring of cybercrime cartels thanks to a booming dark web economy of scale." Gangs operate like multinational corporations, and they now engage in more destructive behavior than before.

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here. Ukraine, Bloomberg reports, continues to augment its cyber defenses, with significant help from domestic and international corporations.

Shuckworm update: scattershot and crude, but worth keeping an eye on.

Symantec this morning updated their research on the Russian threat actor Shuckworm (also known as Armageddon and Gamaredon) and its activities against Ukraine. Shuckworm first appeared in 2014 during Russia's earlier aggression against Ukraine that resulted in its annexation of Crimea, and the group is generally held to be an FSB operation staged from that conquered province. Its principal focus has since its inception been Ukraine.

Symantec is tracking four variants of the Pterodo backdoor Shuckworm installs in its victims' systems. Installation of multiple versions of, essentially, functionally equivalent malware is one of the group's characteristic bits of tradecraft. The practice seems to be a crude method of establishing and maintaining persistence: if the defenders find and kick one version, well, there are three others they might overlook.

"While Shuckworm is not the most tactically sophisticated espionage group," Symantec writes, "it compensates for this in its focus and persistence in relentlessly targeting Ukrainian organizations. It appears that Pterodo is being continuously redeveloped by the attackers in a bid to stay ahead of detection."

Symantec adds, "While Shuckworm appears to be largely focused on intelligence gathering, its attacks could also potentially be a precursor to more serious intrusions, if the access it acquires to Ukrainian organizations is turned over to other Russian-sponsored actors." That's not surprising: developing intelligence is always an early stage in battlespace preparation.