Miniduke is back: Nemesis Gemina and the Botgen Studio

A 2014 update on one of the world’s most unusual APT operations

In 2013, together with our partner CrySyS Lab, we announced our research on a new APT actor we dubbed “Miniduke”. It stood out from the “APT bunch” for several reasons, including:

Its use of a customized backdoor written in Assembler (who still writes in Assembler in the age of Java and .NET?)
A unique command and control mechanism that uses multiple redundancy paths, including Twitter accounts
Stealthy transfer of updates as executables hidden inside GIF files (a form of steganography)

We have pointed out that this threat actor used malware developed using “old-school” virus writing techniques and habits.

Our analysis was continued later by researchers from CIRCL/Luxembourg and several other AV companies. Recently, we became aware of an F-Secure publication on the same topic (under the name “CosmicDuke”).

In the wake of our publications from 2013, the Miniduke campaigns have stopped or at least decreased in intensity. However, in the beginning of 2014 they resumed attacks in full force, once again grabbing our attention.

Read more: Miniduke is back: Nemesis Gemina and the Botgen Studio

Story added 3. July 2014, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

2017 Antivirus News | Powered by WordPress | Fluxipress Theme | Show My IP Address, check blacklists | Free Favicon, Android and Apple Icon Generator | Bitcoin and Crypto Currency News