/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/post_banners/voicendata/wp-content/uploads/2014/12/fortinet.png)
NEW DELHI: Cyber espionage attacks are becoming more sophisticated and are targeting defined users with complex, modular tools, reveals software security company Kaspersky Lab.
During a detailed analysis of the Equation Drug cyber espionage platform, Kaspersky Lab specialists found that following the industry’s growing success in exposing advanced persistent threat (APT) groups, the most sophisticated threat actors now focus on increasing the number of components in their malicious platform in order to reduce their visibility and enhance stealth.
EquationDrug is the main espionage platform developed by the Equation Group. It has been in use for more than a decade although it is now largely being replaced by the even more sophisticated GrayFish platform.
The latest platforms now carry many plugin modules that allow them to select and perform a wide range of different functions, depending on their target victim and information they hold. Kaspersky Lab estimates that EquationDrug includes 116 different plugins.
“Nation-state attackers are looking to create more stable, invisible, reliable and universal cyberespionage tools. They are focused on creating frameworks for wrapping such code into something that can be customized on live systems and provide a reliable way to store all components and data in encrypted form, inaccessible to regular users,” said Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab.
“Sophistication of the framework makes this type of actor different from traditional cybercriminals, who prefer to focus on payload and malware capabilities designed for direct financial gains.”
Other ways in which nation-state attackers differentiate their tactics from traditional cybercriminals are: Traditional cybercriminals mass-distribute emails with malicious attachments or infect websites on a large scale, while nation-state actors prefer highly targeted, surgical strikes, infecting just a handful of selected users.
While traditional cybercriminals typically reuse publicly available source code such as that of the infamous Zeus or Carberp Trojans, nation-state actors build unique, customized malware, and even implement restrictions that prevent decryption and execution outside of the target computer.
“It may seem unusual that a cyberespionage platform as powerful as EquationDrug doesn't provide all stealing capability as standard in its malware core. The answer is that they prefer to customize the attack for each one of their victims.
Only if they have chosen to actively monitor you and the security products on your machines have been disarmed, will you receive a plugin for the live tracking of your conversations or other specific functions related to your activities. We believe modularity and customization will become a unique trademark of nation-state attackers in the future,” said Raiu.