The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections by a previously unknown Trojan, which is most likely linked to the infamous Chinese-speaking threat actor LuckyMouse.

The most peculiar trait of this malware is its custom driver, signed with a legitimate digital certificate that was issued to a company developing information security software.

The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as its attacks appear to have a political agenda.

Judging by victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they’ve detected might have been used for nation-state backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This gave the attackers the usual capabilities: executing commands, downloading and uploading files, and intercepting network traffic.

The driver turned out to be the most interesting part of this campaign. To make it appear trustworthy, the group apparently stole a digital certificate belonging to an information security software developer and used it to sign the malware samples. A legitimate signature makes the malware look like legitimate software, which helps it evade detection by security solutions.

Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of publicly available code samples from public repositories and custom malware.

Adopting ready-to-use third-party code instead of writing original code saves the developers time and makes attribution more difficult.

“When a new LuckyMouse campaign appears, it’s almost always around the same time as the lead-up to a high-profile political event, and the timing of an attack usually precedes world leader summits. The actor isn’t too worried about attribution – because they are now implementing third-party code samples into their programs, it’s not time-consuming for them to add another layer to their droppers, or to develop a modification for the malware and still remain untraced,” notes Denis Legezo, Security Researcher at Kaspersky Lab.

Kaspersky Lab has previously reported on the LuckyMouse actor attacking a national data center to organize a country-level waterholing campaign.

How to protect yourself:

  • Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
  • Use a robust security solution equipped with malicious-behavior detection technologies that can catch even previously unknown threats.
  • Subscribe your organization’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.
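One concrete way to act on the first recommendation is to inventory the drivers registered on a Windows host and review not just whether each one is signed, but who signed it. The script below is an added example written for this article; it is not code from Kaspersky Lab or from the Securelist report, and the allowlist of expected signer names, the `Review` column and the CSV output path are this example’s own assumptions that an operator would replace with their organization’s baseline.

```powershell
# Added example (not from the Kaspersky/Securelist report): list the drivers
# registered on this Windows host and review their Authenticode signatures.
# A "Valid" status only proves the file was signed with a certificate that
# chains to a trusted root on this machine; a stolen but not-yet-revoked
# certificate still produces "Valid". So the signer subject and thumbprint are
# surfaced as well, and anything outside the expected publishers is flagged.

# Hypothetical allowlist: substring matches on the signer subject. Replace with
# the publishers (better: the signer thumbprints) actually expected on your fleet.
$ExpectedSigners = @(
    'CN=Microsoft Windows',
    'CN=Microsoft Windows Hardware Compatibility Publisher'
)

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName may carry a \??\ or \SystemRoot\ prefix; normalise it to a plain file path.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.SignerCertificate) {
            $subject = $sig.SignerCertificate.Subject
            $thumb   = $sig.SignerCertificate.Thumbprint
        } else {
            $subject = '<unsigned>'
            $thumb   = ''
        }

        $expected = $false
        foreach ($s in $ExpectedSigners) {
            if ($subject -like "*$s*") { $expected = $true; break }
        }

        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State
            Path       = $path
            SigStatus  = $sig.Status
            Signer     = $subject
            Thumbprint = $thumb
            # Needs a human look: unexpected publisher, or a signature that is not Valid.
            # A Valid signature from an unexpected publisher is exactly the case the
            # report describes, so it is still flagged.
            Review     = (-not $expected) -or ($sig.Status -ne 'Valid')
        }
    }

# Show the flagged drivers first.
$drivers | Where-Object Review | Sort-Object SigStatus, Signer |
    Format-Table Name, State, SigStatus, Signer, Thumbprint -AutoSize

# Keep the full inventory so it can be baselined and diffed across hosts over time.
$drivers | Export-Csv -Path "$env:TEMP\driver-signatures.csv" -NoTypeInformation
```

Run it from an elevated PowerShell session so that every driver file is readable. The point of the `Review` column is that signature validity and signer identity are separate questions: a certificate stolen from a legitimate vendor passes the first check, and only comparing the signer against what you expect on that machine, and diffing the inventory over time, gives you a chance to notice it.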

 

Read the full version on Securelist.com.
