Article 4TQ8J Tipped off by an NSA breach, researchers discover new APT hacking group


by Dan Goodin, from Ars Technica - All content (#4TQ8J)

Stylized image of a UPC barcode. (credit: xxdigipxx)

With a tip that came from one of the biggest breaches in US National Security Agency history, researchers have discovered a new hacking group that infected targets with a previously unknown piece of advanced malware.

Hints of the APT (short for advanced persistent threat) group first emerged in April 2017. That's when a still-unidentified group calling itself the Shadow Brokers published exploits and code developed by, and later stolen from, the NSA. Titled "Lost in Translation," the dispatch was best known for publishing the Eternal Blue exploit that would later power the WannaCry and NotPetya worms that caused tens of billions of dollars' worth of damage worldwide. But the dump included something else: a script that checked compromised computers for malware from a variety of APTs.

Researchers from Kaspersky Lab said one of the APTs described in the script started operations no later than 2009 and then vanished in 2017, the same year the Shadow Brokers post was published. Dubbed DarkUniverse, the group is probably tied to ItaDuke, a group that has actively targeted Uyghurs and Tibetans since 2013. The link assessment is based on unique code overlaps in both groups' malware.


Source: Ars Technica - All content (https://arstechnica.com/), feed http://feeds.arstechnica.com/arstechnica/index