What is InvisiMole malware

Spy group targets military facilities and diplomatic missions - ESET researchers analyze InvisiMole Group's latest campaign

Dow Jones has received payment from Press Text to distribute this press release through its network.

Jena (pts014 / 06/18/2020 / 12:00) - During the InvisiMole group's current malware campaign, ESET researchers uncovered the group's latest tools and previously unknown details about how they work. The new operation is characterized by targeted attacks on high-profile organizations in the military sector and diplomatic missions in Eastern Europe. The findings come from an in-depth analysis by ESET experts in collaboration with the affected organizations. ESET telemetry data shows that the attacks lasted from the end of 2019 until the publication of the research report. As part of the ESET Virtual World currently being held, the experts from the European IT security manufacturer will present their results to the public for the first time. The full report and white paper are now available online on WeLiveSecurity.

"The InvisiMole group already attracted attention in the past with highly developed backdoors. However, we lacked insight into the background - how the malicious programs are distributed, how they are spread and how they get onto the systems," explains ESET researcher Zuzana Hromcová, who examined InvisiMole in depth. "With this knowledge gained from this current analysis, we will be able to follow the malicious activities of the group even more closely in the future."

ESET gets deep insights into how InvisiMole works

Thanks to the collaboration with the affected organizations, ESET researchers had the opportunity to take a closer look at InvisiMole's operations. "In our analysis, we were able to take a very close look at the group's extensive toolkit, which was used for delivery, movement in the network and executing the backdoors," continues Anton Tscherepanow, senior ESET malware researcher in the InvisiMole case.
ESET analysis reveals collaboration between two espionage groups

One of the main findings of the investigation concerns the collaboration between the InvisiMole group and another espionage group called Gamaredon. The researchers found that InvisiMole's tools and malicious programs are only used after Gamaredon has already penetrated the network of the attacked target. The ESET researchers suspect that, for key targets, the attack is upgraded from the relatively simple Gamaredon malware to the more advanced InvisiMole malware. This helps the group keep its malware undetected and better disguise its approach. To do this, InvisiMole uses four different sequences in which malicious code is combined with legitimate tools and vulnerable executable files. To keep the actual malicious program from being recognized by security researchers, the components are encrypted individually for each victim. In addition, the new tool set contains a new function called DNS tunneling, which camouflages the communication with the C&C server.

About InvisiMole

According to the experts of the European IT security manufacturer, InvisiMole has been active since at least 2013. ESET researchers reported on the group back in 2018 in connection with targeted espionage activities in Russia and Ukraine.

Further technical details as well as a white paper on the current analysis of the InvisiMole group are available on WeLiveSecurity: https://www.welivesecurity.com/deutsch/2020/06/18/kooperation-between-invisimole-und-gamaredon/

(end)

Sender: ESET Deutschland GmbH
Contact: Christian Lueg
Tel.: +49 3641 3114 269
E-Mail: [email protected]
Website: www.eset.com/de

Source: http://www.pressetext.com/news/20200618014

(END) Dow Jones Newswires

June 18, 2020 6:00 AM ET (10:00 GMT)
