‘Massive’ Russian Cyber Crime Campaign Hit Governments

A gang of Russian cyber criminals has been carrying out a large-scale cyber attack campaign against organisations including government and transport bodies, according to security firm WebSense.

Using the Mevade malware, which uses Tor for command and control to hide the operators' infrastructure, the crooks went after entities in the US, UK, Canada and India, the security firm says. The campaign started around 23 July, and may also have involved actors in Ukraine.

Hundreds infected in cyber campaign

“This campaign has infected hundreds of organisations and thousands of computers worldwide and appears to be used for a variety of purposes, including redirecting network traffic and click fraud, as well as search result hijacking,” Websense wrote in a blog post.

[Map: geographical breakdown of the cyber campaign, with targets in blue and command and control infrastructure in red.]

The malware used several tricks to evade detection beyond disabling anti-virus software. It checked for the presence of Sandboxie, a tool researchers use to run and analyse malware in isolation, and for the Oracle VirtualBox guest services, so it could tell whether it was running inside a virtual machine or sandbox rather than on a real victim's host.
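The kind of artefact check described above, written as an added example for this page (it is not code from the article, from Websense, or from the malware): it reports which well-known Sandboxie and VirtualBox artefacts are visible to a process, which is also what an analyst wants to verify a sandbox does not expose. The module and service names are the publicly documented ones (Sandboxie injects SbieDll.dll into every sandboxed process; VirtualBox Guest Additions install the VBox* services and drivers); the sample inputs are constructed, and the live Windows checks are assumptions about a stock Windows host that are simply skipped elsewhere.

```python
"""Sandbox / VM artefact check of the type the article attributes to Mevade.

Added example, not the malware's or Websense's code. The pure functions take
module and service name lists so they can be exercised offline; the live_*
helpers gather those lists on a Windows host and return nothing elsewhere.
"""
import platform
import subprocess

# Sandboxie maps SbieDll.dll into every process it confines.
SANDBOXIE_MODULES = {"sbiedll.dll"}

# VirtualBox Guest Additions register these services / kernel drivers.
VIRTUALBOX_SERVICES = {"vboxservice", "vboxguest", "vboxsf", "vboxmouse", "vboxvideo"}


def find_sandbox_indicators(loaded_modules, running_services):
    """Return a sorted list of indicator strings present in the inputs.

    loaded_modules:    DLL names loaded in the current process.
    running_services:  service / driver names on the host.
    Windows names are case-insensitive, so comparison is lower-cased.
    """
    found = []
    for mod in loaded_modules:
        if mod.lower() in SANDBOXIE_MODULES:
            found.append("sandboxie:module:" + mod.lower())
    for svc in running_services:
        if svc.lower() in VIRTUALBOX_SERVICES:
            found.append("virtualbox:service:" + svc.lower())
    return sorted(found)


def looks_sandboxed(loaded_modules, running_services):
    """True when any Sandboxie or VirtualBox artefact is visible."""
    return bool(find_sandbox_indicators(loaded_modules, running_services))


def live_loaded_modules():
    """On Windows, ask the loader whether SbieDll.dll is mapped into this
    process (the classic Sandboxie check). Empty list on other platforms."""
    if platform.system() != "Windows":
        return []
    import ctypes  # assumption: stock CPython on Windows exposes ctypes.windll
    handle = ctypes.windll.kernel32.GetModuleHandleW("SbieDll.dll")
    return ["SbieDll.dll"] if handle else []


def live_service_names():
    """On Windows, list service and driver names via `sc query`, whose output
    carries one 'SERVICE_NAME: <name>' line per entry. Empty list elsewhere."""
    if platform.system() != "Windows":
        return []
    out = subprocess.run(
        ["sc", "query", "type=", "all", "state=", "all"],
        capture_output=True, text=True, check=False,
    ).stdout
    return [line.split(":", 1)[1].strip()
            for line in out.splitlines()
            if line.startswith("SERVICE_NAME:")]


if __name__ == "__main__":
    # Constructed sample: a Sandboxie-confined process inside a VirtualBox guest.
    sample_modules = ["ntdll.dll", "kernel32.dll", "SbieDll.dll"]
    sample_services = ["Dhcp", "Spooler", "VBoxService", "VBoxGuest"]
    print("sample:", find_sandbox_indicators(sample_modules, sample_services))
    # Live check of this host (only meaningful on Windows).
    print("live:", find_sandbox_indicators(live_loaded_modules(), live_service_names()))
```

Run it inside a VirtualBox guest with Sandboxie installed and the live line lists both artefacts; a sandbox built to analyse samples like this one should produce an empty list, which usually means renaming or hiding the guest services rather than leaving them at their defaults.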

It also bundled 3proxy, a lightweight open-source proxy, so the attackers could relay their connections through the infected machine and onwards into the target network, Websense said.

“In these cases, the Proxy is configured as a reverse proxy, with the ability to tunnel through NAT (Network Address Translated) environments to create a connection to the attacker’s infrastructure and initiate a backdoor directly into the target network (in this case, using SSL over port 443),” the company added.

“The use of reverse proxies indicates that the cyber-criminals plan to manually scan a network and move laterally towards more critical apps and information (such as databases, critical systems, source-code, and document repositories) than might exist on the original machine that has been compromised.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
