Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration.

Kaspersky researchers said in a Wednesday writeup that they’ve named the advanced persistent threat (APT) actor LuminousMoth. The campaign, going back to at least last October and targeting first Myanmar and now mostly the Philippines, is both large-scale and highly active.

What is atypical about the LuminousMoth campaign is that it’s not only showy, it’s also targeted with “almost surgical precision,” they said.

“It’s not often we observe a large-scale attack conducted by actors fitting this profile, usually due to such attacks being noisy, and thus putting the underlying operation at risk of being compromised by security products or researchers.” -Kaspersky researchers

The noise of a high-volume attack is a red flag for researchers. Of course, that’s a downside for hackers, given that it blows their cover.

The analysts suggested one possible rationale for the splashiness: It could have to do with how LuminousMoth spreads. Namely, it copies itself to removable USB drives.

“It is likely that the high rate of infections is due to the nature of the LuminousMoth attack and its spreading mechanism, as the malware propagates by copying itself to removable drives connected to the system,” according to the writeup.