Version 1.0 – 23/11/2015
All Rights Reserved To Minerva Labs LTD and ClearSky Cyber Security, 2015
Executive Summary
The Middle East has been a cyber-warfare hotspot for almost a decade, a theatre for some of the most advanced threats the world has witnessed. Between those highly advanced attacks, more and more attackers with only a basic set of skills have started to appear, spreading well-known RATs wrapped in generic, publicly available packers.
This report focuses on the CopyKittens, a mid-level group.
The CopyKittens attacks are effective and advanced in several ways:
- Infection is performed in a multi-stage, stealthy manner
- Data is exfiltrated over the DNS protocol
- They avoid known RATs and packers; their tools are "homemade"
- Development is continuous, keeping pace with improvements in security products
Yet this group is clearly not made up of dozens of high-end computer and security experts. The CopyKittens assembled major parts of their attack from code snippets carefully picked from public repositories and online forums, hence their nickname. We also named their attack tool "Matryoshka"1 because it is written as a multi-stage framework, with each component built to deliver the stage that follows it.
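The summary states that the group exfiltrates data over DNS but does not describe the encoding it uses. The following is an added example, not code from the report or from the group's tooling: a generic heuristic detector for DNS tunnelling, run over a constructed query log. The log format, the client addresses, the parent domain `tunnel.test` and the long placeholder labels are all assumptions made for the example; the thresholds are starting points, not values taken from the report.

```python
"""Added example: heuristic detection of DNS-based exfiltration in query logs.

Generic heuristic, not the encoding used by the group described in the report:
long, high-entropy labels and many distinct subdomains under one parent domain
from a single client are the usual fingerprint of data tunnelled through DNS.
"""
import math
from collections import defaultdict

# Constructed sample log (hypothetical format: "<epoch> <client_ip> <qname> <qtype>").
# The long labels are placeholder strings standing in for encoded data chunks.
SAMPLE_LOG = """\
1448265600 10.0.0.5 www.example.com A
1448265601 10.0.0.5 mail.example.com MX
1448265602 10.0.0.5 cdn.example.net A
1448265603 10.0.0.7 nfxwk3ttebygk2lnebzgk2lbmnzxi3tfnfqxqzldmrss4.tunnel.test TXT
1448265604 10.0.0.7 mfrgg2lomvwgc3tvmvswk3tuebswy3dfpbsw4idjmnxw4.tunnel.test TXT
1448265605 10.0.0.7 ojsxg5dsnfwgk3tuebqws5ldebqw4zlnnfswcylumruxi.tunnel.test TXT
1448265606 10.0.0.7 obxws5drnvsw45dbmfzgcylumvwgiylumfqs4idmmfzxi.tunnel.test TXT
1448265607 10.0.0.7 mjxxc43uebygeylulfxwk3tfnfxgc2lomu4gcz3fnfyxi.tunnel.test TXT
1448265608 10.0.0.7 www.example.com A
"""


def parse_log(text):
    """Parse the hypothetical log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, qname, qtype = parts
        records.append({"ts": int(ts), "src": src,
                        "qname": qname.lower().rstrip("."), "qtype": qtype.upper()})
    return records


def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Split into (subdomain, parent). Assumption: the registrable domain is the
    last two labels; a real deployment should consult the public suffix list."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_query(qname, max_label=32, entropy_threshold=3.8):
    """Flag a single query name on label length and label entropy."""
    sub, parent = split_qname(qname)
    longest = max((len(label) for label in sub.split(".")), default=0)
    ent = shannon_entropy(sub.replace(".", ""))
    reasons = []
    if longest > max_label:
        reasons.append(f"label_len={longest}>{max_label}")
    if ent >= entropy_threshold:
        reasons.append(f"entropy={ent:.2f}>={entropy_threshold}")
    return {"parent": parent, "subdomain": sub, "longest_label": longest,
            "entropy": ent, "reasons": reasons}


def detect_exfil(records, min_unique=3):
    """Alert per (client, parent domain) once at least min_unique distinct
    suspicious subdomains were queried: one odd name is noise, a stream is a channel."""
    seen = defaultdict(set)
    qtypes = defaultdict(set)
    for r in records:
        s = score_query(r["qname"])
        if s["reasons"]:
            key = (r["src"], s["parent"])
            seen[key].add(s["subdomain"])
            qtypes[key].add(r["qtype"])
    alerts = []
    for (src, parent), subs in sorted(seen.items()):
        if len(subs) >= min_unique:
            alerts.append({"src": src, "parent": parent,
                           "unique_subdomains": len(subs),
                           "qtypes": sorted(qtypes[(src, parent)])})
    return alerts


if __name__ == "__main__":
    for a in detect_exfil(parse_log(SAMPLE_LOG)):
        print(f"{a['src']} -> {a['parent']}: {a['unique_subdomains']} "
              f"distinct encoded subdomains, qtypes={a['qtypes']}")
```

Counting distinct suspicious subdomains per client and parent domain, rather than alerting on each odd-looking name, is what keeps this usable on real resolver logs: CDN and anti-spam lookups also produce long labels, but they do not produce a steady stream of unique ones under a single domain from one host.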
We have had only....