Russian hackers target Mac OSX with Trojan

A Russian hacking group has released new malicious software to infect computers running Apple's OS X, according to cyber security researchers at Palo Alto Networks.

The cyber espionage group, suspected of having links with the Russian intelligence agency GRU, is believed to be the same one that allegedly struck the Democratic National Committee (DNC) and the World Anti-Doping Agency. The California-based experts dubbed it the Sofacy Group, and over the years analysts have given it many other names, such as ‘Fancy Bears’, ‘APT28’ and ‘Pawn Storm’.

The Trojan, known as ‘Komplex’, does not exploit an Apple security flaw but instead takes hold via extremely targeted spear phishing. It pretends to be a 17-page PDF document describing the future projects of the Roscosmos State Space Corporation, Russia's space agency, between 2016 and 2025. The malware is designed to steal information from a compromised system and send it to a remote server.

After the victim opens the link to the PDF, the file downloads additional files to infect the machine, executing and deleting files and interacting with the system shell.

The researchers noted a number of code overlaps in Komplex, including similarities with an OS X Trojan.

It doesn't appear that Komplex was signed with a developer's digital certificate from Apple. Although anyone can obtain those certificates, including one makes an application look more legitimate on the surface.

Earlier, when the group attacked the DNC, it leaked more than 19,000 internal e-mails, which caused turmoil in the party after the correspondence showed party officials favored Hillary Clinton for the Democratic presidential nomination. The hacking group is also believed to have hacked WADA, releasing documents that called into question drug exemptions granted to top athletes for the Rio Olympics.

The US government is still investigating whether the Russian government is behind the hacks and other suspicious activities, which is why it has not blamed it directly. However, in the first presidential debate, Clinton directly accused Russian President Vladimir Putin of ordering the attacks.