The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse.

 

The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate, which has been issued by a company developing information security-related software.

 

The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as its attacks seem to have a political agenda.

 

Judging by victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they’ve detected might have been used for nation-state-backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This allowed the attackers to carry out all common tasks, such as executing commands, downloading and uploading files, and intercepting network traffic.

 

The driver turned out to be the most interesting part of this campaign. To make it trustworthy, the group apparently stole a digital certificate that belongs to an information security-related software developer and used it to sign malware samples. This was done in an attempt to avoid detection by security solutions, as a legitimate signature makes the malware look like legal software.

 

Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of code samples from public repositories and custom malware.

 

Such simple adoption of ready-to-use third-party code, instead of writing original code, saves developers time and makes attribution more difficult.

 

“When a new LuckyMouse campaign appears, it’s almost always around the same time as the leadup to a high-profile political event, and the timing of an attack usually precedes world leader summits. The actor isn’t too worried about attribution – because they are now implementing third-party code samples into their programs, it’s not time-consuming for them to add another layer to their droppers, or to develop a modification for the malware and still remain untraced,” notes Denis Legezo, Security Researcher at Kaspersky Lab.

 

Kaspersky Lab has previously reported on the LuckyMouse actor attacking a national data center to organize a country-level waterholing campaign.

 

How to protect yourself:  

  • Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
  • Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
  • Subscribe your organization’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.

 

Read the full version on Securelist.com.

