(The text below is provided by ESET)
There are several groups actively and profitably targeting businesses in Russia. A trend that we have seen unfold before our eyes lately is these cybercriminals’ use of simple backdoors to gain a foothold in their targets’ networks.
Once they have this access, much of the work is done manually: the attackers slowly map the network layout and deploy custom tools they can use to steal funds from these entities. Some of the groups that best exemplify these trends are Buhtrap, Cobalt and Corkow.
The group discussed in this white paper is part of this new trend. We call this new group RTM; it uses custom malware, written in Delphi, that we cover in detail in later sections. The first trace of this tool in our telemetry data dates back to late 2015.
The group also makes use of several different modules that they deploy where appropriate to their targets. They are interested in users of remote banking systems (RBS), mainly in Russia and neighboring countries. In this paper, we cover the details of their tools, whom they target, and offer a rare glimpse into the type of operation they are carrying out.
During CyberCentral, Robert Lipovsky, Senior Malware Researcher from ESET, will talk about the evolving threatscape.
“Money-driven professional criminals are in search of the best return on their investments, while nation states utilize malware as part of their arsenal. But what are the ways in which cyber-criminals and malware writers improve their tactics? The presentation will illustrate the evolution of the threat landscape with four current examples. Recently, financial institutions have become victims of advanced targeted attacks, a big step forward from simple banking trojans. On Android, banking trojans have also become much more effective. Thirdly, we will take a look at state-level cyber-espionage and cyber-sabotage and explain how the 2016 attacks against the Ukrainian power grid were more advanced than the ones in 2015. Finally, after presenting an overview of actual threats, we will analyze the Stegano exploit kit – to show how creative attackers can be with malware infection vectors.” – Robert Lipovsky
If you want to know more about ESET, then feel free to meet the ESET team at CyberCentral and ask your questions.