New malware has targeted more than 35,000 computers in 195 countries in a large-scale spyware attack. Kaspersky cybersecurity experts explain.
It’s only been a few days since we learned of a phishing attack involving even the last Spider-Man movie. Today the news concerns a large-scale, indiscriminate campaign. From 20 January to 10 November 2021, Kaspersky cybersecurity experts discovered new malware that targeted more than 35,000 computers in 195 countries. Nicknamed “PseudoManuscrypt” due to similarities with the Lazarus APT group’s Manuscrypt malware, this new malware possesses advanced spying capabilities and has targeted both government organizations and industrial control systems (ICS) in several industries. Military organizations and research laboratories were also identified among the targets. 7.2% of the computers attacked by the spyware campaign were part of industrial control systems (ICS), and the industries most affected were engineering and home automation.
Initially, PseudoManuscrypt was downloaded onto victims’ systems via fake pirated software installers, some of which are specific to ICS software. These rogue installers are likely offered via a Malware-as-a-Service (MaaS) platform. In some cases, PseudoManuscrypt was installed via the well-known Glupteba botnet. The initial infection started a complicated infection chain that led to the download of the main malicious module. Kaspersky experts have identified two variants of this module.
Both offer advanced spyware features, including logging keystrokes, copying information from the clipboard, stealing VPN (and potentially RDP) authentication credentials and login credentials, capturing screenshots, and more. The attacks show no particular preference for specific industries. However, the large number of computers attacked in the engineering sector, including systems used for 3D and physical modeling and digital twins, suggests that industrial espionage could be one of the objectives.
Oddly, some of the victims are tied to the targets of the Lazarus campaign previously noted by ICS CERT. The data is sent to the attacker’s server over a rare protocol that uses a library previously used only with APT41 malware. However, given the large number of victims and the lack of explicit focus, Kaspersky does not link the campaign to Lazarus or any other known APT threat actor.
“This is a very unusual campaign. We are still collecting the various information we have available. However, one thing is clear: this is a threat that experts need to watch out for. It has been able to reach thousands of ICS computers, including many high-profile organizations. We will continue our investigations, keeping the security community informed of any new findings,” commented Vyacheslav Kopeytsev, Kaspersky security expert.
To protect against PseudoManuscrypt, cybersecurity experts recommend: