사이버 범죄자의 그룹 Turla 이후 사용 발견 복잡한 백도어 2014

ESET 전문가는 해커가 5 년 동안 숨기기로 관리하는 Turla 무기고 새로운 강력한 악기에서 발견, 적어도 이후 2014.

ackdoor named LightNeuron compromises Microsoft mailing servers and functions as mail transfer agent, (MTA) 그와 같은 악성 코드에 대한 일반적이지 않습니다.

연구자 노트, 그, 이들 데이터에 따라, LightNeuron 특별히에 지향하는 fisrt 백도어입니다 Microsoft Exchange. Earlier Turla applied Neuron malware (aka DarkNeuron), that has nothing similar with LightNeuron and was developed with the focus on Microsoft Exchange.

LightNeuron Transport Agent
LightNeuron Transport Agent

LightNeuron not just allows attackers to trace events on mailing server, but to integrate in its work and control virtually anything.

“In architecture of mailing server, backdoor can work on same level of trust, as security products, as spam filters. 따라서, this malware gives cybercriminals full control over mailing server, 과, by this, on all letters”, – explain ESET specialists.

Hackers can intercept and redirect all mails, edit content of sent and inbox messages or block receiving some mails for users. All these opportunities make LigthNeuron one of the most powerful tools in group’s arsenal.

게다가, backdoor differs as it uses one peculiar 기음&C mechanism. The case is that attackers never connected Microsoft servers directly.

대신, they use steganography and mails with attached PDF and JPG files. Inside these letters hackers from LightNeuron team hide commands for LightnNeuron that malware opens and performs. This way of communication with malware significantly complicates its detection, as commands for backdoor might come with ordinary spam that no one pays attention to and does not trace as filters weed it out.

Modified JPG picture with embedded commands for LightNeuron
Modified JPG picture with embedded commands for LightNeuron

As reported, LightNeuron is used for attacks until now. ESET experts have already identified three organizations that suffered from it. Analysts not disclose their names, but report that it is some of the Brazilian structures, Ministry of Foreign Affair from Easter Europe and one regional diplomatic organization on the Middle East.

출처: https://www.welivesecurity.com

트로이 킬러 소개

메모리 스틱에 트로이 킬러 휴대용 운반. 당신은 당신이 어디를 가든 당신의 PC가 어떤 사이버 위협에 저항 도울 수 있는지 확인하십시오.

또한 확인

Heroku가 클라우드 플랫폼에 MageCart

연구진은 여러 MageCart 웹 스키머에 Heroku가 클라우드 플랫폼 발견

Malwarebytes 연구원은 Heroku가 클라우드 플랫폼에서 여러 MageCart 웹 스키머를 찾는 것에 대해보고 …

안드로이드 스파이웨어 CallerSpy

안드로이드 채팅 응용 프로그램으로 CallerSpy 스파이웨어 마스크

트렌드 마이크로의 전문가들은 악성 코드 CallerSpy 발견, 안드로이드 채팅 응용 프로그램으로하는 마스크와, …

회신을 남겨주