At this point, it appears the attack is found only in organisations using Windows computers. The same attack, however, can be configured for other operating systems. The attack appears to be a modification of the Stuxnet worm the US government used against the Iranian nuclear processing machinery. It is similar to the Duqu2 attack on Kaspersky that seemed to be state-sponsored.

Kaspersky has identified the details of the attack process and offers a (technical) way of detecting this particular attack, parts of which are indirectly revealed by Kaspersky's normal scan tools.

Resources

Notified in ITNews 14/2/17

https://www.itnews.com.au/news/banks-under-attack-from-almost-invisible-malware-450597?eid=65&edate=20170214&utm_source=20170214&utm_medium=newsletter&utm_campaign=sc_weekly

https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/

 

