Gamaredon group targets Microsoft Outlook and Office, ESET researchers report
Published 15/06/2020 in Press Releases by zion
The following text is taken from a press release and does not reflect the opinion of the editorial staff.
Bratislava, June 11, 2020 – ESET researchers have discovered new tools used by the Gamaredon group in their latest malicious campaigns. The first tool targets Microsoft Outlook using a custom Microsoft Outlook Visual Basic for Applications (VBA) project and allows the attackers to use the victim’s email account to send spearphishing emails to contacts in the address book. Using Outlook macros to deliver malware is something rarely seen by researchers. The second tool is used by the notoriously active APT group to inject macros and references to remote templates into Office documents – Word and Excel. Both are designed to help the Gamaredon group spread further in already compromised networks.

“In the last few months, there has been an increase in activity from this group, with constant waves of malicious emails hitting their targets’ mailboxes. The attachments to these emails are documents with malicious macros that, when executed, try to download a multitude of different types of malware,” says Jean-Ian Boutin, Head of Threat Research at ESET.

The latest tools inject malicious macros, or references to remote templates, into existing documents on the compromised system. Because documents are routinely shared among colleagues, this is a very efficient way of moving within an organization's network. The tools also tamper with the Microsoft Office macro security settings, so the affected users have no idea that they are compromising their workstations again every time they open one of these documents.
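The two document-side artefacts this paragraph describes, an embedded VBA project and an attached template that points at a remote host, are both visible inside the Office Open XML package itself. The scanner below is an added example written for this page, not ESET's code or a Gamaredon sample: it opens a .docx/.docm/.xlsx/.xlsm file as the ZIP package it is, flags any `vbaProject.bin` part, and lists every `attachedTemplate` relationship whose target is external. The sample packages it builds (`build_sample`) and the template URL `http://template.invalid/t.dotm` are constructed for the demonstration and are not real documents or indicators from the report.

```python
"""Scan Office Open XML packages for an embedded VBA project and for
attached templates that live on a remote host (added example; the sample
packages built here are constructed, not real documents)."""
import io
import xml.etree.ElementTree as ET
import zipfile
from typing import Dict, List, Optional

# OPC relationships namespace and the relationship type Word uses for the
# template attached to a document (word/settings.xml -> settings.xml.rels).
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")


def remote_template_targets(package: zipfile.ZipFile) -> List[str]:
    """Return every attachedTemplate relationship whose target is External.

    Word resolves an External attachedTemplate when the document is opened,
    so a URL or UNC path here means the document pulls (and can run macros
    from) a template that is not bundled with the file.
    """
    targets: List[str] = []
    for name in package.namelist():
        if not name.endswith(".rels"):
            continue
        root = ET.fromstring(package.read(name))
        for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
            if (rel.get("Type") == ATTACHED_TEMPLATE
                    and rel.get("TargetMode", "Internal") == "External"):
                targets.append(rel.get("Target", ""))
    return targets


def scan_office_file(data: bytes) -> Dict[str, object]:
    """Scan one OOXML file (given as bytes) and report both artefacts."""
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        # A vbaProject.bin part means VBA code is present whatever the file
        # extension claims (Word keeps it under word/, Excel under xl/).
        has_vba = any(n.lower().endswith("vbaproject.bin")
                      for n in package.namelist())
        remotes = remote_template_targets(package)
    return {
        "vba_project": has_vba,
        "remote_templates": remotes,
        "suspicious": has_vba or bool(remotes),
    }


def build_sample(remote_template: Optional[str] = None,
                 with_vba: bool = False) -> bytes:
    """Constructed minimal Word-like package for testing (not a real document)."""
    rels = [f'<Relationships xmlns="{RELS_NS}">',
            # A normal locally installed template: Internal target, not flagged.
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" Target="Normal.dotm"/>']
    if remote_template is not None:
        rels.append(f'<Relationship Id="rId2" Type="{ATTACHED_TEMPLATE}" '
                    f'Target="{remote_template}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<document/>")
        package.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
        if with_vba:
            # Placeholder bytes standing in for a real OLE VBA project stream.
            package.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [
        ("clean", build_sample()),
        ("remote template", build_sample(remote_template="http://template.invalid/t.dotm")),
        ("macro-enabled", build_sample(with_vba=True)),
    ]:
        print(label, scan_office_file(blob))
```

Run it over a file share the way the paragraph describes the tools spreading, and any previously clean document that suddenly reports a VBA project or an external template is a candidate for the injection described here. The change to Office's macro security settings that the paragraph also mentions is an endpoint configuration change and is not visible inside the document, so it has to be audited on the workstation separately.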

The group uses backdoors and file stealers to identify and collect sensitive documents on a compromised system to be uploaded to the C&C server. Furthermore, these file stealers have the capability to execute arbitrary code from the C&C server.

There is one major distinction between Gamaredon and other APT groups – the attackers make little to no effort to stay under the radar. Even though their tools have the capacity to use stealthier techniques, it seems this group’s main focus is to spread as far and fast as possible in their target’s network while trying to exfiltrate data.

“While abusing a compromised mailbox to send malicious emails without the victim’s consent is not a new technique, we believe this is the first publicly documented case of an attack group using an OTM file and Outlook macro to achieve it,” explains Boutin about the ESET discovery. “We were able to collect numerous different samples of malicious scripts, executables and documents used by the Gamaredon group throughout their campaigns.”

[Figure: Typical compromise chain in a Gamaredon campaign]

The Gamaredon group has been active since at least 2013 and has been responsible for a number of attacks, mostly against Ukrainian institutions.
Tools discussed in this research are detected as variants of MSIL/Pterodo, Win32/Pterodo or Win64/Pterodo by ESET’s products.

For more technical details about Gamaredon’s latest tools, read the full blog post “Gamaredon group grows its game” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. 

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET is the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.
Informaticien.be  - © 2002-2020 Akretio SPRL  - Generated via Kelare