New Trojan horse targets European diplomatic institutions
Kaspersky Technologies has discovered a new type of malware that spies on European diplomatic institutions. The main delivery tool is a fake visa application. The analysis shows that the spyware is based on the COMPFun Trojan and shares the same basic code. The latest attack was discovered in November 2019.
The main goal of spyware is to be deployed on the victim's equipment, collect data, and transfer it to those behind the attack. Such programs are often used by various threat actors, and the risk they pose is proportional to the importance of the victim, whether it is a government agency or major infrastructure, because the stolen information is of great value to the people behind the attack and its leakage can cause profound changes in the landscape.
There are many similarities between the detected malware and the COMPFun Trojan, which was first discovered in 2014. The next version, Reductor, was launched in 2019. The new Trojan's features include the ability to determine the target's geographic location, collect host and network data, log keystrokes, and capture screen content.
According to Kaspersky experts, the Trojan is fully functional and can spread to portable storage devices. The first-stage dropper is downloaded from a shared directory on the local network and has a file name associated with the visa application process, which fits the targeted diplomatic institutions. The original application is kept encrypted inside the dropper, alongside the next-stage malware, which is built for both 32-bit and 64-bit architectures.
Based on the victims, Kaspersky links the original COMPFun Trojan to the Turla threat actor with a low-to-medium level of confidence.
Kaspersky Chief Security Researcher Kurt Baumgartner: "Malware operators have focused on diplomatic institutions and decided to request visa requests that are stored in a shared directory on the local network, where the original infection vector is effective for them." He added: "By combining professional methods to achieve their goals, develop their ideas and put them into practice, they form a strong, destructive team."
Kaspersky recommends the following measures to protect different entities from threats such as the COMPFun Trojan:
- Run regular security checks on the company's technical infrastructure.
- Use reliable security solutions to protect client workstations. For example, Kaspersky Internet Security can prevent file threats and is updated to detect the latest types of malware.
- Use reliable security solutions, such as Kaspersky Endpoint, to detect, investigate, and respond to threats on devices in a timely manner.
- Use enterprise-class security solutions that can detect advanced cyber threats early, such as Kaspersky Anti-Attack Platform.
- Provide the most recent threat information to teams in the Security Operations Center so they can track new tools, methods, and strategies used by threat actors and cybercriminals.