Microsoft has discovered Strontium

Experts at the Microsoft Malware Protection Center have reported the discovery of a new hacker group behind several highly complex and carefully organized cyber attacks on government, diplomatic and military organizations in NATO countries and several countries in Eastern Europe. According to Microsoft experts, the group, dubbed Strontium, has actually existed since 2007; however, it has been especially active this year and its attacks have been particularly effective.

The hackers spend a lot of time tracking and analyzing the activity of their potential victims on social networks, and then carry out the first stage of the attack by sending very convincing phishing messages. After gaining access to the systems they are interested in, the cyber criminals identify users who have administrator rights and carefully prepare phishing attacks against them. As a result, in some cases they manage to obtain a high level of privilege and infect systems with malware.

Moreover, for each attack Strontium uses specially configured malware that is capable of keylogging, intercepting emails and searching through files on the computer. The collected data is sent to the attack organizers over the HTTP, SMTP and POP3 protocols, to addresses that look quite legitimate, for example softupdates.info and malwarecheck.info. In addition, the criminals follow cyber security news very closely and update their tools quickly. Thus, after July's data breach at the Italian company Hacking Team, which made several zero-day vulnerabilities public, Strontium almost immediately started to use them in its attacks.

Microsoft finds it difficult to say who is behind the Strontium attacks. However, considering its scale, the choice of targets and the willingness to keep track of them for years, the researchers suppose that the hackers are most probably supported at the state level.


source:  Technical Center of Internet
