About 2,800 Victims of Worldwide Info-stealing Campaign Targeting Various Sectors
SC Magazine, By Adam Greenberg
An unidentified threat group has compromised approximately 2,800
victims from various sectors around the world in an information-stealing
campaign that dates back to the end of 2010, according to a Kaspersky Lab
Global Research & Analysis Team report.
Security firm CrowdStrike had
identified the campaign as "Energetic Bear"
in January because the energy sector seemed to be the prime target, but
Kaspersky renamed it "Crouching Yeti" since the manufacturing,
pharmaceutical, construction, education, information technology, and, most of
all, the industrial and machinery sectors are also being targeted.
The stealthy Crouching Yeti
team typically infects targets using trojanized software installers, waterhole
attacks that take advantage of an assortment of exploits, and PDF documents
embedded with Flash exploit CVE-2011-0611 that are attached to spearphishing
With 27 different versions
identified, the Havex trojan has been used most by the attackers to infect
victims; however, they also rely on the Sysmain trojan, as well as the ClientX
backdoor and the Karagany backdoor, according to the report.