Submitted via IRC for chromas
DarkUniverse APT Uses Just-in-Time Malware Creation
A threat actor that has been active for at least eight years has been creating new malware samples just before delivering them to victims, Kaspersky Lab reports.
Dubbed DarkUniverse, the adversary is described as the 27th function of a ShadowBrokers script that was included in the 2017 'Lost in Translation' leak and which was designed to check for traces of other APTs on the victim machine.
Code overlaps suggest that the hackers are likely part of the ItaDuke set of activities initially detailed in 2013, Kaspersky's security researchers say.
The group appears to have been active between 2009 and 2017, and the employed malware samples reveal a variety of changes, with the most recent samples being totally different from the older ones.
The malware was being disseminated using spear phishing emails. The messages were carefully tailored for each victim, to entice them into opening an attached malicious Microsoft Office document. An executable file embedded in the document would then begin the malicious routine, which started with dropping two files onto the system.
The first is the updater.mod module, which is implemented as a dynamic-link library with only one exported function, and which ensures communication with the command and control (C&C) server. The second file is glue30.dll, a module that provides keylogging functionality.
Persistence was achieved through a link file placed in the startup folder.
Also at BleepingComputer
(Score: 3, Interesting) by maxwell demon on Monday November 11 2019, @04:16PM (3 children)
I don't think they meant something like
but what did they mean with APT?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2, Informative) by Anonymous Coward on Monday November 11 2019, @05:44PM (1 child)
APT == "Advanced Persistent Threat"
https://en.wikipedia.org/wiki/Advanced_persistent_threat [wikipedia.org]
I'm surprised you didn't know that. You're usually pretty well informed.
Then again, InfoSec [wikipedia.org] isn't exactly mainstream.
(Score: 2) by Pino P on Wednesday November 13 2019, @04:34AM
In other words, what Microsoft saw Debian and other GNU/Linux distributions as before Satya Nadella and before Azure.
(Score: 2) by DannyB on Monday November 11 2019, @06:29PM
APT means they are patient and have lots of money.
People today are educated enough to repeat what they are taught but not to question what they are taught.