The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse.


The most peculiar trait of this malware is its hand-picked driver, signed with a legitimate digital certificate issued to a company that develops information security-related software.


The LuckyMouse group is known for highly targeted cyberattacks on large entities around the world. The group’s activity poses a danger to whole regions, including South-Eastern and Central Asia, as its attacks appear to have a political agenda.


Judging by victim profiles and the group’s previous attack vectors, Kaspersky Lab researchers think that the Trojan they’ve detected might have been used for nation-state backed cyber-espionage.

The Trojan discovered by Kaspersky Lab experts infected a target computer via a driver built by the threat actors. This allowed the attackers to execute all common tasks such as command execution, downloading and uploading files, and intercepting network traffic.


The driver turned out to be the most interesting part of this campaign. To make it trustworthy, the group apparently stole a digital certificate belonging to an information security-related software developer and used it to sign malware samples. This was done in an attempt to avoid detection by security solutions, as a legitimate signature makes the malware look like legitimate software.


Another noteworthy feature of the driver is that, despite LuckyMouse’s ability to create its own malicious software, the software used in the attack appeared to be a combination of code samples taken from public repositories and custom malware.


Such adoption of ready-to-use third-party code, instead of writing original code, saves the developers time and makes attribution more difficult.


“When a new LuckyMouse campaign appears, it’s almost always around the same time as the lead-up to a high-profile political event, and the timing of an attack usually precedes world leader summits. The actor isn’t too worried about attribution – because they are now implementing third-party code samples into their programs, it’s not time-consuming for them to add another layer to their droppers, or to develop a modification for the malware and still remain untraced,” notes Denis Legezo, Security Researcher at Kaspersky Lab.


Kaspersky Lab has previously reported on the LuckyMouse actor attacking a national data center to organize a country-level waterholing campaign.


How to protect yourself:

  • Do not automatically trust the code running on your systems. Digital certificates do not guarantee the absence of backdoors.
  • Use a robust security solution, equipped with malicious-behavior detection technologies that enable even previously unknown threats to be caught.
  • Subscribe your organization’s security team to a high-quality threat intelligence reporting service in order to get early access to information on the most recent developments in the tactics, techniques and procedures of sophisticated threat actors.
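The first piece of advice above is the one this campaign illustrates: a driver with a valid signature is still not automatically trustworthy. The following PowerShell snippet is an added example, not code from the Kaspersky Lab report; it inventories the drivers currently running on a Windows host and lists those whose Authenticode signature verifies but whose signer is not Microsoft, so that an analyst can review unexpected publishers. It assumes the standard Win32_SystemDriver CIM class and the built-in Get-AuthenticodeSignature cmdlet, and treats any non-Microsoft signer as a review item rather than a verdict.

```powershell
# Added example (not from the Kaspersky Lab report): list running drivers that are
# validly signed by a publisher other than Microsoft. A valid signature only proves
# possession of a signing key, so the output is a review list, not a list of threats.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

foreach ($d in $drivers) {
    # Normalise the kernel-style paths WMI reports (\??\C:\... or \SystemRoot\...)
    # into an ordinary file-system path that Get-AuthenticodeSignature can open.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -FilePath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # Status 'Valid' means the chain verified; the publisher filter is the analyst's
    # own criterion for what deserves a closer look on this host.
    if ($sig.Status -eq 'Valid' -and $subject -notmatch 'Microsoft') {
        [PSCustomObject]@{
            Driver   = $d.Name
            Path     = $path
            Signer   = $subject
            NotAfter = $sig.SignerCertificate.NotAfter
        }
    }
}
```

Drivers reported as unsigned or with a broken chain are worth a separate look, which is why the script records the subject before filtering; adjust the `-notmatch` pattern to the publishers expected in your environment.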


Read the full version on Securelist.com.
