
ESET discovers a new version of the Okrum Trojan from the APT15 group

The international antivirus company ESET discovered a new modification of the Okrum backdoor.

Analysis of the samples suggests that they are part of the arsenal of the Ke3chang hacker group (also known as APT15).

Despite Okrum's technical simplicity, its operators are able to hide its presence. For example, the malware loader is hidden inside a PNG file, and the additional encrypted files are not visible to the user. The backdoor's operators also conceal the malicious traffic exchanged with the C&C server.

“Some of the malicious samples used against Slovak companies were associated with a domain that imitated the Slovak cartographic portal,” said ESET expert Zuzana Hromcova.

Okrum was first detected in December 2016. During 2017, the backdoor was used for targeted attacks on diplomatic missions and government agencies in Slovakia, Belgium, Brazil, Chile and Guatemala.

At the same time, attackers targeted organizations that had been previously affected by another malware family called Ketrican.


The Ketrican backdoor was first recorded in 2015, when ESET noticed suspicious activity in Slovakia, Croatia, the Czech Republic and a number of other countries. After analyzing the malware samples, the experts concluded that they belong to the Ke3chang toolset. In subsequent years, ESET recorded the appearance of new versions of this backdoor.


“We found out that the Okrum and Ketrican malware were used in attacks on the same diplomatic agencies. The group is still active: in March 2019 we recorded another Ketrican sample,” said ESET expert Zuzana Hromcova.

Cybercriminals from Ke3chang have been active since at least 2010. The goal of the group is espionage against diplomatic organizations in Europe.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
