New Malware Spies on Diplomats, High-Profile Government Targets
A new modular espionage malware dubbed Attor has been targeting diplomats and high-profile Russian-speaking users in Eastern Europe since at least 2013. The sophisticated malware uses encrypted modules for persistence, data collection, exfiltration, and command-and-control (C2) communication. One particular module uses AT commands (developed during the 1980s) to collect IMSI, IMEI, MSISDN, and software version information from GSM/GPRS modem/phone devices. This fingerprinting capability allows the attackers to craft and deploy customised plugins for further data theft from the infected device. To evade detection, Attor uses TOR-based communications, encryption and three plugins to implement the FTP protocol.
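For defenders, the AT-command fingerprinting described above can be hunted for in serial-port write traces. The following is an added example, not code from the article or the referenced report: it flags any process that queries several device identifiers on one port within a short window. The trace format, process names and thresholds are hypothetical, and the command names are the standard 3GPP TS 27.007 queries for those identifiers rather than values taken from the article.

```python
import re
from collections import defaultdict

# Standard 3GPP TS 27.007 queries for the identifiers the article lists.
IDENTITY_QUERIES = {"AT+CIMI": "IMSI", "AT+CGSN": "IMEI",
                    "AT+CNUM": "MSISDN", "AT+CGMR": "software version"}

# Constructed sample; hypothetical format: <epoch> <process> <port> WRITE <data>
SAMPLE_TRACE = """\
1570000000 dialer.exe COM3 WRITE AT+CSQ
1570000005 dialer.exe COM3 WRITE AT+CGSN
1570000100 unknown_helper.exe COM3 WRITE AT+CGSN
1570000102 unknown_helper.exe COM3 WRITE at+cimi;+cnum
1570000103 unknown_helper.exe COM3 WRITE AT+CGMR
1570000200 dialer.exe COM3 WRITE ATD*99#
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) WRITE (.+)$")

def split_commands(data):
    """Split one AT command line into commands; ';' chains extended commands."""
    line = data.strip().upper()
    if not line.startswith("AT"):
        return []
    found = []
    for part in line[2:].split(";"):
        m = re.match(r"\+[A-Z]+", part.strip())
        if m:
            found.append("AT" + m.group(0))
    return found

def find_fingerprinting(trace, window=60, min_kinds=3):
    """Return {(process, port): identifiers} for bursts of identity queries."""
    events = defaultdict(list)
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, proc, port, data = m.groups()
        for cmd in split_commands(data):
            if cmd in IDENTITY_QUERIES:
                events[(proc, port)].append((int(ts), IDENTITY_QUERIES[cmd]))
    findings = {}
    for key, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            kinds = {k for t, k in evs[i:] if t - start <= window}
            if len(kinds) >= min_kinds:
                findings[key] = sorted(kinds)
                break
    return findings

if __name__ == "__main__":
    print(find_fingerprinting(SAMPLE_TRACE))
```

A single identity query, as a dialer or modem manager might legitimately issue, stays below the threshold; tune `window` and `min_kinds` against a baseline of the software that normally talks to the modem.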
References: AT Commands, TOR-Based Communications: Meet Attor, a Fantasy Creature and also a Spy Platform (PDF)