
Octopus Malware Targets Central Asian Officials

Victims were lured into downloading a Windows Trojan by installing what they believed was a version of Telegram, the popular messaging application. Researchers believe the malware was distributed through social engineering: Telegram faced a potential ban in Kazakhstan, which may have pushed users to download the application while it was still available. The malware, named Octopus, has been attributed to the group DustSquad. The name comes from the 0ct0pus3.php script found on one of the group's earlier command and control (C&C) servers.

The fake Telegram application does not actually work, which the researchers noted suggests the malware was assembled in a hurry. After a number of initial connection checks, Octopus attaches itself to the system module and builds a hash of system information that serves as a unique fingerprint for tracking the victim while the malware steals data.

Octopus has some unusual characteristics, including its use of the Delphi programming language. It also relies on the Indy Project library for JSON handling and for uploading data to its C&C server, and it compresses the stolen data with TurboPower Abbrevia. The researchers reported that some of the victims infected with the Windows Trojan had also been hit by other campaigns, including DroppingElephant, Zebrocy, and StrongPity. Although the threat group appears to have a specific set of targets, the fact that Octopus was delivered as a generic Windows Trojan behind a fake popular application is a clear sign that the same approach could be used against victims anywhere.

Analyst Notes

Security analysts recommend investing in up-to-date anti-phishing tooling to continuously assess emerging threats and to respond when malware establishes persistence on a system. Security teams should also monitor their environment for the indicators of compromise (IoCs) listed in the IBM X-Force Exchange threat advisory.