Kaspersky Lab نے PseudoManuscrypt میلویئر کا پتہ لگایا جو صنعتی تنظیموں پر حملہ کرتا ہے۔

Kaspersky ICS CERT experts detected the PseudoManuscrypt malware, which attacked more than 35,000 computers in 195 countries between January 20 and November 10, 2021. The list of attacked objects includes a significant number of industrial and government organizations, including enterprises of the military-industrial complex and research laboratories.

Researchers say that at least 7.2% of computers attacked by PseudoManuscrypt are part of industrial automation systems (ICS) in organizations of various industries.

The malware was named PseudoManuscrypt because its loader is similar to the Manuscrypt malware loader, which is part of the arsenal of the Lazarus hack group.

Manuscrypt

The PseudoManuscrypt downloader enters the system through the Malware-as-a-Service (MaaS) platform, which distributes malicious installers under the guise of pirated software. کچھ صورتو میں, this happened through the Glupteba botnet (the main installer of which is also distributed under the guise of pirated software).

Google Find

According to experts, the main malicious module PseudoManuscrypt has many spy functions, including stealing VPN connection data, logging keystrokes, taking screenshots and recordings of screen videos, recording sound from a microphone, stealing data from the clipboard and operating room event log data. systems (which also makes it possible to steal data about RDP connections).

Among the computers that were attacked are many engineering machines, including physical and 3D modeling systems for the development and use of digital twins. This allowed experts to assume that one of the possible targets of the campaign is industrial espionage.

There are also two facts in the company’s report. پہلا, the PseudoManuscrypt downloader shares similarities with the Manuscrypt malware downloader used by Lazarus in its 2020 attacks against defence companies in various countries. Second, to transfer stolen data to the attackersserver, PseudoManuscrypt uses an implementation of the rare KCP protocol, which was previously seen only in the malware used by APT41.

البتہ, the lack of an obvious focus in the distribution of a large number of victims, which is not characteristic of targeted cyber campaigns, does not allow unambiguously linking this campaign with Lazarus or any other APT.

This is a very unusual campaign and we are still analysing the available information. البتہ, one fact is clear: this is a threat that professionals need to pay attention to. It affected tens of thousands of computers and was able to spread to thousands of ICS computers, compromising many industrial organizations around the world. We will continue our research and keep the cybersecurity community up to date.comments Vyacheslav Kopeytsev, an industrial security expert at Kaspersky Lab.

Let me remind you that we also talked about the fact that Researchers discovered ALPHV ransomware written in Rust.

ہیلگا اسمتھ

مجھے ہمیشہ کمپیوٹر سائنسز میں دلچسپی تھی۔, خاص طور پر ڈیٹا سیکیورٹی اور تھیم, جسے آج کل کہا جاتا ہے۔ "ڈیٹا سائنس", میری ابتدائی نوعمری سے. ایڈیٹر ان چیف کے طور پر وائرس ہٹانے والی ٹیم میں آنے سے پہلے, میں نے کئی کمپنیوں میں سائبر سیکیورٹی کے ماہر کے طور پر کام کیا۔, ایمیزون کے ٹھیکیداروں میں سے ایک سمیت. ایک اور تجربہ: مجھے آرڈن اور ریڈنگ یونیورسٹیوں میں پڑھانا ملا ہے۔.

جواب چھوڑیں

یہ سائٹ سپیم کو کم کرنے کے لیے Akismet کا استعمال کرتی ہے۔. جانیں کہ آپ کے تبصرے کے ڈیٹا پر کیسے کارروائی کی جاتی ہے۔.

واپس اوپر کے بٹن پر