‘Pawn Storm,’ a Cyber-Espionage Gang from Russia now more Advanced

According to Kaspersky Lab, a cyber-espionage gang from Russia going by the name Pawn Storm recently employed a set of fresh tools within a still continuing assault that targeted defense contractors while sought to make redundant policies of network isolation, thus published cio.com dated December 4, 2015.

Sofacy the other name of Pawn Storm emerged and remains active ever-since 2007 to target military, security and government organizations of the member nations of NATO in addition to media organizations, Kremlin critics as well as Ukrainian political advocates.

Kaspersky explains that Sofacy used its hacking arsenal on diverse targets this year (2015) while adding a few extra complicated backdoor Trojans such as the AZZY family with the Trojans substituting each other, while being employed together, forming a situation where if one couldn't work on the targeted PC a next one would serve the purpose.

Moreover, the attackers further used techniques of modularization while making a combination of their malware, with currently forming batches of just the most essential within each threat, but installing a greater number of codes through modules that the command-and-control (CnC) server sends at the time scanning of contaminated PCs being targeted exhibit vulnerable software capable of exploitation.

The described technique was utilized in the case of the above mentioned backdoors themselves like Kaspersky elaborates that isolating the CnC's interaction from the key backdoor as well helps reduce that backdoor's visibility.

Kaspersky continues that since the backdoor doesn't straight away transfer data beyond the attacked PC, malware detectors wouldn't find it so suspicious, while citing that Sofacy hid the backdoor's presence as also its communication with the CnC system via side-loading DLLs.

Additionally, the gang further employed one fresh infostealer called USBSTEALER because it targeted USBs for filching and exfiltrating data when the devices were plugged into an infected computer.

During 2014, the Sofacy gang's activity increased nearly ten times more thus getting to be a highly prolific, dynamic and agile threat creator. The activity reached the peak during July 2015, the time when the gang installed 2 totally fresh exploits, a Java and Office 0-days. Cio.com published this.

» SPAMfighter News - 12/15/2015