Friday, July 27, 2018

OnionDuke, 3 minute profile

In October 2014, Leviathan Security Group disclosed that a Russia-based Tor exit node was attaching malware to the files that passed through it, wrapping each legitimate executable inside a malicious executable. The technique increased the attacker's chance of bypassing integrity-check mechanisms. The malware campaign is believed to have been active from at least February 2013 through spring 2015. OnionDuke does not operate like the other Duke campaigns; however, it does share some C&C infrastructure with the MiniDuke attacks. Moreover, domains not shared between the two campaigns were registered under the same alias, John Kasai. As such, it stands to reason that OnionDuke is another Russian state-sponsored APT group.

russiansponsoredapt
