A new form of malware named Netrepser has been found to be using advanced software tools to steal information from government agencies.
Netrepser does not rely on advanced malware, but its effect is profound thanks to its use of software tools that can easily be modified to attack government agencies.
First detected by researchers at cyber-security firm Bitdefender, the new malware uses several methods once inside government systems, ranging from keylogging to password and cookie theft. It is essentially a weaponised version of recovery toolkit software provided by Nirsoft, which is normally used to recover cached passwords or monitor network traffic.
Researchers at Bitdefender identified as many as 500 infected bots. Netrepser works by sending out malicious e-mails rigged with DOC attachments. These e-mails are sent from firstname.lastname@example.org and feature the name of Donald Spencer, who incidentally is the Managing Director of an equity investment firm named Siguler Guff.
“The malware campaign identified and documented by Bitdefender represents a new intelligence collection program that, to our knowledge, has not been documented before. Because of the nature of these attacks, attribution is impossible unless we dig into the realm of speculation. Our technical analysis, however, has revealed that some documents and file paths this campaign is using are written in Cyrillic. From its discovery in May 2016 until now, the group behind it has compromised about 500 computers and exfiltrated an unknown number of documents, login credentials or other pieces of intelligence,” said a report published by the researchers.
This isn’t the first time that hackers have used weaponised malware to exclusively target government agencies. Recently, a number of political parties in the United States, France and Germany were targeted by cyber-attacks conducted by Russian hackers who are sometimes linked with the Russian government. The hackers then use the stolen information to create fake news or propaganda to influence voters and manage elections.
“Fortunately, we’ve not seen yet on UK soil the more extreme attacks, like the ability to turn off or disrupt central services. But we do see that they can be done and there’s been evidence of this happening across the globe. So the government, which obviously considers the safety of citizens as one of its number one priorities, is committed to make sure we secure ourselves against cyber-attacks,” James Snook, deputy director for cyber security and information assurance at the Cabinet Office, told Business Reporter. He was addressing questions on why the government is spending £1.9 billion on cyber security.