07-31-2014 11:11 AM
Comment/ Another attack campaign against Industries.
Researchers at Kaspersky Lab released a detailed analysis of an advanced attack campaign that has struck about 2,800 victims across multiple industries worldwide.
Dubbed 'Energetic Bear' by CrowdStrike and renamed 'Crouching Yeti' by Kaspersky Lab, the attack campaign has gone on to infect companies worldwide. While CrowdStrike stated the operation was likely the work of a Russian threat actor, researchers at Kaspersky Lab were more hesitant to name names.
"Based on some artifacts, we believe the campaign originated at the end of 2010," according to a blog post by Kaspersky Lab's Global Research and Analysis Team. "The campaign is still alive and getting new daily victims."
"We believe this is an information stealing campaign," the researchers added. "Given the heterogeneous profile of the victims it seems that the attackers were interested in different topics and decided to target some of the most prominent institutions and companies in the world to get the latest information."
The attackers used three tactics to distribute malware: spear-phishing using PDF documents armed with an exploit for CVE-2011-0611, an Adobe Flash Player vulnerability; waterhole attacks using a variety of exploits; and Trojanized software installers.
SecurityWeek/ full read here/ http://www.securityweek.com/crouching-yeti-attack-
08-07-2014 06:44 AM
The following article is an update on the Crouching Yeti attack.
(Crouching Yeti still spying)
Kaspersky Lab has warned that the cyber espionage campaign known both as Energetic Bear and Crouching Yeti is still actively spying on a wide range of institutions worldwide.
Energetic Bear/Crouching Yeti has been active since at least 2010, the security company said, with over 2,800 targets worldwide in sectors including industrial/machinery, manufacturing, pharmaceutical, construction, education, and information technology.
A new analysis of the malware and command and control (C&C) infrastructure of the campaign by Kaspersky has shown that the attack does not use highly sophisticated malware, and also throws doubt on the presumed origin of the campaign.
itp.net/ Full Article Here/ http://www.itp.net/599304-crouching-yeti-still-spy