ESET and AVAST discover Mikroceen attacking high-profile targets in Central Asia

ESET teamed up with Avast to research a constantly evolving remote access tool (RAT) with the usual backdoor functionality, which ESET has dubbed Mikroceen, and discovered that it is being used in espionage attacks against government and business entities (from the telecommunications and gas industries) in Central Asia.

The attackers were able to gain long-term access to affected networks, manipulate files and take screenshots. Victims’ devices could execute various commands delivered remotely from command and control servers.

The researchers investigated the custom implementation of Mikroceen’s client-server model, purpose-built for cyberespionage. “The malware developers put great effort into securing the client-server connection with their victims. Their malware was leveraged ‘in the wild,’ as the operators managed to penetrate high-profile corporate networks. We also saw a larger attack toolset being used and constantly developed, which consisted mainly of variations in obfuscation techniques,” comments Peter Kálnai, who led the ESET arm of the joint research team.

Mikroceen is under constant development, and security researchers have seen it used with backdoor capabilities in various targeted operations since late 2017. Among the tools used by the attackers to move within the infiltrated networks, ESET and Avast researchers also identified Gh0st RAT, an older, yet infamous, RAT created around 2008. There are many similarities between Gh0st RAT and Mikroceen; the main shift between the two projects is that the connection is secured with a certificate.
