InvisiMole Hackers Target High-Profile Military and Diplomatic Entities
2020-06-18 02:50

Cybersecurity researchers today uncovered the modus operandi of an elusive threat group that hacks into high-profile military and diplomatic entities in Eastern Europe for espionage.

Cooperation with the Gamaredon Group

First discovered in 2018, InvisiMole has been active at least since 2013 in connection with targeted cyber-espionage operations in Ukraine and Russia.

"Gamaredon is used to pave the way for a far stealthier payload - according to our telemetry, a small number of Gamaredon's targets are 'upgraded' to the advanced InvisiMole malware, likely those deemed particularly significant by the attackers," the researchers said, adding the malware is deployed only after the attackers gained administrative privileges, as many of InvisiMole's execution methods require elevated permissions.

Once the initial compromise takes place, InvisiMole exploits BlueKeep and EternalBlue vulnerabilities in RDP and SMB protocols or makes use of trojanized documents and software installers to propagate laterally across the network.

"The targets considered particularly significant by the attackers are upgraded from relatively simple Gamaredon malware to the advanced InvisiMole malware," ESET researcher Zuzana Hromcová said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/FYDckKKjFFw/invisimole-hackers.html