Discovery of the “Poseidon” cyber gang attacking companies in the UAE
Kaspersky Lab's Global Research and Analysis Team announced the discovery of the Poseidon Group, a gang that carries out advanced cyberattacks and has been active in global cyber-espionage operations since at least 2005.
The most prominent characteristic of the “Poseidon” gang is that it operates as a commercial entity. It relies on malicious software tailored to specific purposes and digitally signed with fake certificates, which is used to steal victims' sensitive data in order to force them into a business relationship. In addition, the malware is designed specifically for PCs running Windows in English and Brazilian Portuguese, making it the first of its kind.
At least 35 companies have been identified as victims of these attacks. The most prominent targets were financial and government institutions, telecommunications, manufacturing and energy companies, and companies providing consumer services, in addition to media and public relations firms. Kaspersky Lab experts also discovered attacks targeting service companies that cater to the needs of top corporate executives. Victims of this gang have been observed in the following countries:
The United Arab Emirates
United States of America
However, the spread of victims leans largely towards Brazil, where many of the victims have joint companies or joint operational processes.
Another characteristic of the “Poseidon” gang is that it targets networks of the same scale. According to Kaspersky Lab's analytical report, the “Poseidon” gang relies on phishing messages sent by e-mail with RTF/DOC attachments, often using a human-resources-themed lure, which install the malicious code on the target system as soon as they are clicked. Another key finding is the presence of strings written in Brazilian Portuguese. The gang's preference for Portuguese-language systems, as shown by the samples discovered, is a new approach that has not been observed in the past.
Once a computer is infected, the malware reports to the control servers before the complex phase of lateral movement begins. This stage often uses a specialised malicious tool that automatically and aggressively collects a wide range of information, including security access policy records, group management data and even system logs, to enable the attackers to launch further, more precise attacks and ensure the malicious code executes. In doing so, the attackers are able to identify which applications and commands can be used without alerting the network administrator during lateral movement and infiltration.
The collected information is then exploited through a front company to manipulate the victim company and force it to contract with the “Poseidon” gang as a security adviser, under the threat of the stolen information being used in a series of shady business deals that benefit the “Poseidon” gang.
Dmitry Bestuzhev, Director of the Global Research and Analysis Team at Kaspersky Lab for Latin America, said: “The Poseidon gang was established a long time ago and operates everywhere: on land, in the air and at sea. Some of its control centers have been found within the systems of Internet service providers that provide Internet service to ships at sea, as well as wireless Internet connections and others within the facilities of traditional carriers.” Dmitry concluded: “In addition, a number of versions of the malicious code were found to last only for a short period, which helped this gang keep its software running for such a long time without being detected.”
Because the “Poseidon” gang has remained active for at least ten years, the technology used to design its continually renewed releases has changed and evolved, making it difficult for many researchers to link indicators together and assemble all the leads into a clear picture of it. However, by carefully collecting all the evidence, dealing with the threat actor's artefacts systematically and reconstructing the attackers' timeline, Kaspersky Lab experts were able to confirm in the middle of 2015 that traces unearthed in the past and already known in fact belonged to the same gang, the “Poseidon” gang.
Kaspersky Lab products detect and remove all known versions of the “Poseidon” gang's components.
To read the full report on the “Poseidon” gang, with a detailed description of its malicious tools and relevant statistics, as well as indicators of compromise, visit: Securelist.com