At a glance.
- StripedFly reclassified.
- YoroTrooper is interested in the Commonwealth of Independent States.
- The current state of DDoS attacks.
- The effect of cyberattacks on small businesses.
- Ukrainian hacktivists deface Russian artists' Spotify pages.
- Troll amplification.
- Crooks heart Mr. Gosling.
Kim Zetter reports, in Zero Day, that the StripedFly cryptominer has turned out to be far more malign than previously believed. When Kaspersky first detected it in 2017, they wrote it off as a simple piece of criminal malware built for cryptomining, and an uninteresting, unsuccessful one at that: its Monero mining yielded its proprietors chump change, about ten dollars in 2017 and only $500 in 2018. StripedFly, it now appears, was after information, not cryptocurrency. Kaspersky "discovered the miner was actually a cover for a sophisticated spy platform that has infected more than one million victims around the world since 2017."
StripedFly seems to be a carefully designed espionage toolset that masked itself as an uninteresting, stumblebum criminal operation. "The spy components include ones for harvesting credentials from infected machines; for siphoning .PDFs, videos, databases and other valuable files; grabbing screenshots; and recording conversations through an infected system’s microphone. The platform also has an updating function that lets the attackers push out new versions of it whenever Windows and Linux operating systems get updated. The malware gets pushed out from encrypted archives stored on GitLab, GitHub, and Bitbucket."
StripedFly gains initial access to its targets through a variant of EternalBlue, an exploit against Microsoft's SMBv1 implementation that Kaspersky attributes to an actor it tracks as the Equation Group. Kaspersky studiously avoids attributing that group to any nation-state service, but the Equation Group is widely believed to be associated with the US National Security Agency. EternalBlue was leaked by the ShadowBrokers in April 2017, a month after Microsoft had patched the SMBv1 vulnerability the exploit targets (MS17-010, March 2017). Since then other services, notably China's Ministry of State Security, have used variants of EternalBlue, so the exploit alone says nothing about who is behind StripedFly. It does seem clear, however, that this is an espionage operation, not a low-grade criminal caper. The practical takeaway is unchanged since 2017: a host that still exposes SMBv1 on TCP/445 without the MS17-010 fix is reachable by every EternalBlue variant, StripedFly's included.
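The following audit script is an added example, not code from the article, from Zero Day or from Kaspersky's report. It checks a single Windows host for the exposure an EternalBlue variant needs: the SMBv1 server protocol switched on, TCP/445 listening, and none of the originally published MS17-010 packages installed. It assumes Windows 8 / Server 2012 or later (for Get-SmbServerConfiguration and Get-NetTCPConnection), an elevated session, and that the KB list below matches the March 2017 MS17-010 releases; later cumulative updates supersede those KBs, so an empty hotfix match means "investigate", not "vulnerable".

```powershell
# Added example: audit this host for the SMBv1 exposure EternalBlue needs.
# Assumes Windows 8 / Server 2012+ and an elevated PowerShell session.
# KB numbers are the March 2017 MS17-010 packages (assumed list; later
# cumulative updates supersede them, so absence alone is not proof of exposure).
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 SP1 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Server 2012
    'KB4012598',                # Vista / Server 2008 / XP / Server 2003 / Windows 8
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607 & Server 2016
)

function Test-EternalBlueExposure {
    [CmdletBinding()]
    param()

    $r = [ordered]@{
        ComputerName         = $env:COMPUTERNAME
        Smb1ServerEnabled    = $null   # EnableSMB1Protocol on the SMB server
        Smb1FeatureInstalled = $null   # optional feature 'SMB1Protocol' (Win10 / 2016+)
        Port445Listening     = $null   # SMB must be reachable for the exploit to matter
        Ms17010KbsFound      = @()     # which of the original MS17-010 KBs Get-HotFix sees
        Verdict              = $null
    }

    # 1. Is the SMBv1 server-side protocol still enabled?
    try {
        $cfg = Get-SmbServerConfiguration -ErrorAction Stop
        $r.Smb1ServerEnabled = [bool]$cfg.EnableSMB1Protocol
    } catch {
        $r.Smb1ServerEnabled = "unknown ($($_.Exception.Message))"
    }

    # 2. Is the SMB1 optional feature installed at all? (Windows 10 / Server 2016+ only)
    try {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $r.Smb1FeatureInstalled = ($feat.State -eq 'Enabled')
    } catch {
        $r.Smb1FeatureInstalled = 'unknown (cmdlet unavailable, or session not elevated)'
    }

    # 3. Is anything listening on TCP/445?
    $listen = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $r.Port445Listening = [bool]$listen

    # 4. Which of the original MS17-010 packages are visible to Get-HotFix?
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $r.Ms17010KbsFound = @($Ms17010Kbs | Where-Object { $installed -contains $_ })

    # Verdict: SMBv1 on and reachable is the condition EternalBlue needs;
    # the hotfix check only says whether the original fix is still visible.
    if ($r.Smb1ServerEnabled -eq $true -and $r.Port445Listening) {
        $r.Verdict = if ($r.Ms17010KbsFound.Count -gt 0) {
            'SMBv1 reachable but an MS17-010 package is present; disable SMBv1 anyway'
        } else {
            'SMBv1 reachable and no MS17-010 package visible: treat as exposed'
        }
    } elseif ($r.Smb1ServerEnabled -eq $false) {
        $r.Verdict = 'SMBv1 server disabled: EternalBlue-style exploitation not possible'
    } else {
        $r.Verdict = 'Inconclusive: SMBv1 state unknown or port 445 not listening'
    }

    [pscustomobject]$r
}

# Run it and print the findings.
Test-EternalBlueExposure | Format-List
```

If the verdict reports SMBv1 reachable, the fix is to turn the protocol off rather than to chase hotfix numbers: `Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force` disables the server side immediately, and on Windows 10 / Server 2016 and later `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol` removes the feature entirely (a reboot is required). Both cmdlets are standard Microsoft cmdlets; the script above is the only assumed code.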