Government

New Malware Spies on Diplomats, High-Profile Government Targets

8 - 15 October 2019

A new modular espionage malware dubbed Attor has been targeting diplomats and high-profile Russian-speaking users in Eastern Europe since at least 2013. The sophisticated malware uses encrypted modules for persistence, data collection, exfiltration, and command-and-control (C2) communication. One particular module uses AT commands (developed during the 1980s) to collect the IMSI, IMEI, MSISDN, and software version information from GSM/GPRS modems and phones connected to the infected machine. This fingerprinting capability allows the attackers to craft and deploy customised plugins for further data theft from the infected device. To evade detection, Attor uses TOR-based communications and encryption, and splits its implementation of the FTP protocol across three plugins.
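A defender-side sketch of the fingerprinting pattern described above, added here and not taken from the referenced report or from Attor itself: it scans a serial-port trace for one process querying several device identifiers. The trace format, process names and threshold are assumptions; the commands are the standard identity queries from 3GPP TS 27.007 and ITU-T V.250, not a list given on this page.

```python
import re
from collections import defaultdict

# Standard identity-query AT commands mapped to the identifier they return.
IDENTITY_COMMANDS = {
    "+CGSN": "IMEI", "+GSN": "IMEI",
    "+CIMI": "IMSI",
    "+CNUM": "MSISDN",
    "+CGMR": "software version", "+GMR": "software version",
}

# Hypothetical trace format: "<time> pid=<n> proc=<name> port=<port> tx=<data>"
LINE_RE = re.compile(r"^(\S+) pid=(\d+) proc=(\S+) port=(\S+) tx=(.*)$")
AT_RE = re.compile(r"^AT(\+[A-Z]+)", re.IGNORECASE)

# Constructed sample trace (process names and timestamps are made up).
SAMPLE_TRACE = """\
2019-10-10T09:00:01 pid=812 proc=dialer.exe port=COM3 tx=ATZ
2019-10-10T09:00:02 pid=812 proc=dialer.exe port=COM3 tx=AT+CGSN
2019-10-10T09:00:03 pid=812 proc=dialer.exe port=COM3 tx=ATD*99#
2019-10-10T09:14:20 pid=4408 proc=unknown_host.exe port=COM3 tx=AT+CGSN
2019-10-10T09:14:20 pid=4408 proc=unknown_host.exe port=COM3 tx=AT+CIMI
2019-10-10T09:14:21 pid=4408 proc=unknown_host.exe port=COM3 tx=AT+CNUM
2019-10-10T09:14:21 pid=4408 proc=unknown_host.exe port=COM3 tx=AT+CGMR
""".splitlines()


def find_fingerprinting(lines, threshold=3, allowlist=frozenset()):
    """Return {(proc, pid, port): [identifier kinds]} for every process that
    queried at least `threshold` distinct identifier kinds on one port."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a trace record
        _, pid, proc, port, tx = m.groups()
        cmd = AT_RE.match(tx.strip())
        if not cmd or proc in allowlist:
            continue  # basic command (ATZ, ATD...) or known modem software
        kind = IDENTITY_COMMANDS.get(cmd.group(1).upper())
        if kind:
            seen[(proc, int(pid), port)].add(kind)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (proc, pid, port), kinds in find_fingerprinting(SAMPLE_TRACE).items():
        print(f"{proc} (pid {pid}) on {port} queried: {', '.join(kinds)}")
```

A single IMEI query from dialling software stays below the threshold; the alert is on the combination of identifiers requested by a process that has no reason to talk to the modem.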

References:

AT Commands, TOR-Based Communications: Meet Attor, a Fantasy Creature and also a Spy Platform (PDF)
