About 2,800 Victims of Worldwide Info-stealing Campaign Targeting Various Sectors

01 Aug 2014

SC Magazine, By Adam Greenberg

An unidentified threat group has compromised approximately 2,800 victims from various sectors around the world in an information stealing campaign that dates back to the end of 2010, according to a Kaspersky Lab Global Research & Analysis Team report.

Security firm CrowdStrike had identified the campaign as "Energetic Bear" in January because the energy sector seemed to be the prime target, but Kaspersky renamed it "Crouching Yeti" since the manufacturing, pharmaceutical, construction, education, information technology, and, most of all, the industrial and machinery sectors are also being targeted.

The stealthy Crouching Yeti team typically infects targets using trojanized software installers, waterhole attacks that take advantage of an assortment of exploits, and PDF documents carrying an embedded Flash exploit for CVE-2011-0611 that are attached to spearphishing emails.

With 27 different versions identified, the Havex trojan has been used most by the attackers to infect victims; however, they also rely on the Sysmain trojan, as well as the ClientX backdoor and the Karagany backdoor, according to the report.