Friday, March 31, 2017

APT's Code Used Against Global Government Financial Websites

The code, tactics, techniques, and procedures (TTPs) used against government financial regulatory websites in Poland, Mexico, and Uruguay are too similar to be coincidental. These attacks are almost certainly being carried out by a known APT group. Security researchers in Poland are uncovering artifacts from a recent breach in which attackers used that country's financial regulatory organization's website to spread malware. The Indicators of Compromise (IOCs) that led to the discovery included abnormal network traffic and unknown encrypted executables resident on victim machines. This APT group has targeted Asian-based financial institutions and manufacturing companies since at least 2009, in addition to stealing $81M from global financial institutions, and has also been linked to cyber espionage campaigns. Technical details of the attack in Poland, along with mitigations, are provided herein...

Wapack Labs has cataloged and reported extensively on APT malware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.