The MASK - Most sophisticated(frightening) attack till data!
When we say "data breach" these path months,we think of "Target, Neiman Marcus" and all other typical public use places. There has been a major threat which has attacked all the nation's most classified data , research interests, financial settlements and highly valued data within government offices, diplomats, educational institutions,..etc. Irony is this attack is been under the radar "invisible" almost 6 years in almost every country / systems possible.
What is MASK ?
- The Mask - advanced threat actor that has been involved in cyber-espionage operations since at least 2007, was found only by the end of 2013. Thought to be from Spanish group because of the word “Careto” used in the some of the modules.
- Has infected 31 countries and 1000 + IPs worldwide.
- Most Advanced threat at current time.
- Suspected to be the nation state attack - because it is sophisticated, highly organized, .
Targets of the Attack:
- *.AKF,*.ASC,*.AXX,*.CFD,*.CFE,*.CRT,*.DOC,*.DOCX,*.EML,*.ENC,*.GMG,*.GPG,*.HSE,*.KEY,*.M15,*.M2F,*.M2O,*.M2R,*.MLS,*.OCFS,*.OCU,*.ODS,*.ODT,*.OVPN,*.P7C,*.P7M,*.P7Z,*.PAB,*.PDF,*.PGP,*.PKR,*.PPK,*.PSW,*.PXL,*.RDP,*.RTF,*.SDC,*.SDW,*.SKR,*.SSH,*.SXC,*.SXW,*.VSD,*.WAB,*.WPD,*.WPS,*.WRD,*.XLS,*.XLSX
- Targets : Government institutions, Diplomatic offices , energy and gas companies, research institutions.
Detection : Extremely difficult because of the stealth capabilties. Malware changes when downloaded to new systems. So its sign is never the same.
Infestation :
It uses multiple vectors
- *.AKF,*.ASC,*.AXX,*.CFD,*.CFE,*.CRT,*.DOC,*.DOCX,*.EML,*.ENC,*.GMG,*.GPG,*.HSE,*.KEY,*.M15,*.M2F,*.M2O,*.M2R,*.MLS,*.OCFS,*.OCU,*.ODS,*.ODT,*.OVPN,*.P7C,*.P7M,*.P7Z,*.PAB,*.PDF,*.PGP,*.PKR,*.PPK,*.PSW,*.PXL,*.RDP,*.RTF,*.SDC,*.SDW,*.SKR,*.SSH,*.SXC,*.SXW,*.VSD,*.WAB,*.WPD,*.WPS,*.WRD,*.XLS,*.XLSX
- Targets : Government institutions, Diplomatic offices , energy and gas companies, research institutions.
Detection : Extremely difficult because of the stealth capabilties. Malware changes when downloaded to new systems. So its sign is never the same.
Infestation :
It uses multiple vectors
- phishing emails
- exploit old adobe flash player vulnerability (first used to break chrome sandbox) Chrome broken
- prompting the user for java update / chrome plugin
- Subdomain of genuine websites. Guardian links used in malware
Malware uses the packages for spreading through all the connected systems:
No comments:
Post a Comment