The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse.


The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate that had been issued to a company developing information security-related software.


The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as its attacks seem to have a political agenda.


Judging by victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they’ve detected might have been used for nation-state backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This gave the attackers the usual capabilities: executing commands, downloading and uploading files, and intercepting network traffic.


The driver turned out to be the most interesting part of this campaign. To make it trustworthy, the group apparently stole a digital certificate belonging to an information security-related software developer and used it to sign malware samples. This was done in an attempt to avoid detection by security solutions, since a legitimate signature makes the malware look like legitimate software.


Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of publicly available code samples from public repositories and custom malware.


Such adoption of ready-to-use third-party code, instead of writing original code, saves the developers time and makes attribution more difficult.


“When a new LuckyMouse campaign appears, it’s almost always around the same time as the lead-up to a high-profile political event, and the timing of an attack usually precedes world leader summits. The actor isn’t too worried about attribution – because they are now implementing third-party code samples into their programs, it’s not time-consuming for them to add another layer to their droppers, or to develop a modification for the malware and still remain untraced,” notes Denis Legezo, Security Researcher at Kaspersky Lab.


Kaspersky Lab has previously reported on the LuckyMouse actor attacking a national data center to organize a country-level waterholing campaign.


How to protect yourself:

  • Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
  • Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
  • Subscribe your organization’s security team to a high quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.
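The first recommendation above is the one a stolen code-signing certificate directly tests: a driver signed with a certificate stolen from a legitimate vendor passes signature validation, so "is it signed?" is not enough and "is it signed by a publisher we expect?" is the question to ask. The PowerShell below is an added example, not code from Kaspersky Lab or the Securelist report: it enumerates the drivers currently running on a Windows host, verifies each file's Authenticode signature, and flags anything whose signer is not on an explicit allowlist, including files that carry a perfectly valid signature from an unexpected publisher. The allowlist contents, the function names and the path-normalisation rules are assumptions for illustration; populate the allowlist from your own driver inventory.

```powershell
# Added example (not from the Kaspersky/Securelist report): audit running
# drivers on a Windows host, verify their Authenticode signatures and flag
# anything not signed by an expected publisher.  A Valid signature from an
# unexpected signer is a review item, not a pass, because a stolen
# certificate produces a signature that validates just as well.

# Assumption: constructed allowlist of signer subjects for a given fleet.
# Build it from your own inventory; these two are the common inbox signers.
$AllowedSigners = @(
    'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US',
    'CN=Microsoft Windows Hardware Compatibility Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
)

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Win32_SystemDriver reports kernel-style paths for some drivers; map the
    # common forms to Win32 paths so Get-AuthenticodeSignature can open them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-DriverSignatureReport {
    param([string[]]$Allowlist = $AllowedSigners)

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' }

    foreach ($d in $drivers) {
        $path = Resolve-DriverPath $d.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # A running driver whose file cannot be found on disk is itself
            # worth a look (deleted after load, or an unhandled path form).
            [pscustomobject]@{
                Name = $d.Name; Path = $d.PathName; Status = 'FileNotFound'
                Signer = $null; Thumbprint = $null; Verdict = 'REVIEW: file not found'
            }
            continue
        }

        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $cert    = $sig.SignerCertificate
        $subject = if ($cert) { $cert.Subject } else { $null }

        # Caveat: catalog-signed inbox drivers may report NotSigned on older
        # PowerShell versions; confirm against the catalog before escalating.
        $verdict = switch ($sig.Status) {
            'Valid' {
                if ($Allowlist -contains $subject) { 'OK' }
                else { 'REVIEW: valid signature, unexpected signer' }
            }
            default { "REVIEW: $($sig.Status)" }
        }

        [pscustomobject]@{
            Name       = $d.Name
            Path       = $path
            Status     = $sig.Status
            Signer     = $subject
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Verdict    = $verdict
        }
    }
}

# Review items sort ahead of 'OK' so they are not buried among inbox drivers.
Get-DriverSignatureReport | Sort-Object Verdict -Descending | Format-Table -AutoSize
```

The thumbprint column is there so that a signer flagged for review can be compared against your vendor's published certificate details or a revocation notice; a stolen certificate that has since been revoked will only fail validation once the revocation reaches the host, so an allowlist of expected publishers catches the gap in between.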


Read the full version on Securelist.com.
