‫ Comfoo cyberspy campaign still active

ID: IRCNE2013081914
Date: 2013-08-06
 
According to "cnet", a cyberespionage campaign that targeted the RSA in 2010 is still active and targeting networks worldwide.
Dell SecureWorks researchers Joe Stewart and Don Jackson have released a new threat intelligence report documenting the Comfoo remote access Trojan (RAT) -- malware used to infiltrate corporate and governmental networks across the globe.
The so-called Advanced Persistent Threat (APT) attack is simply one of many that organizations are scrambling to defend against as cyberthreats become more sophisticated, and in some cases, state-sponsored.
The Comfoo campaign is a prime example of an advanced persistent threat. Comfoo has been in operation since at least 2006, and first came to light as part of the RSA data breach in 2010. According to the report, the Trojan has been used in at least 64 targeted attacks worldwide, and there are hundreds of variants of the RAT.
To lurk within a corporate system, the Comfoo RAT often replaces the DLL path of an "existing unused service rather than installing a new service" -- which is less likely to be noticed by system administrators. A rootkit is also sometimes used to hide Comfoo disk files. Network traffic generated by the RAT is encrypted in order to securely send data back to the malware's command and control centers.
The researchers could not see the data that was lifted, but were able to plot out the network and see how Comfoo logged keystrokes, accessed and downloaded files, executed commands and was able to open command shares.
While monitoring the RAT, researchers found that government entities and private firms based in the U.S., Europe, and Asia Pacific were often infected. Many Japanese and Indian governmental bodies were targeted, as well as educational institutions, media, telecommunications companies and energy firms.
Interestingly, audio and videoconferencing firms are also a frequent target. The researchers speculate that this may be due to hackers seeking intellectual property, or the Trojan may have been used to quietly listen in on commercial and government organizations.
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 15 مرداد 1392

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0