• Today is: Sunday, March 29, 2015

Experts say cyberespionage attacks becoming more sophisticated, accurate, secretive

March12/ 2015

New Delhi, March 12 : Nation-state sponsored cyberespionage attacks are becoming more sophisticated, targeting carefully defined users with complex, modular tools, and keeping well under the radar of increasingly effective detection systems, Kaspersky Lab experts have concluded.

This new trend was confirmed during a detailed analysis of the EquationDrug cyberespionage platform. Kaspersky Lab specialists found that, following the industry’s growing success in exposing advanced persistent threat (APT) groups, the most sophisticated threat actors now focus on increasing the number of components in their malicious platform in order to reduce their visibility and enhance stealth.

The latest platforms now carry many plugin modules that allow them to select and perform a wide range of different functions, depending on their target victim and information they hold. Kaspersky Lab estimates that EquationDrug includes 116 different plugins.

EquationDrug is the main espionage platform developed by the Equation Group. It has been in use for more than a decade although it is now largely being replaced by the even more sophisticated GrayFish platform. The tactical trends confirmed by the analysis of EquationDrug were first observed by Kaspersky Lab during its research into the cyber-espionage campaigns Careto and Regin, among others.

Kaspersky Lab products detected a number of attempts to attack its users with exploits used by the Equation group in their malware. Many of these attacks were not successful due to Automatic Exploit Prevention technology which generically detects and blocks exploitation of unknown vulnerabilities. The Fanny worm presumably compiled in July 2008 and being a part of the Equation platform, was first detected and blacklisted by our automatic systems in December 2008.



Tags: #CyberAttack, #cyberespionage