Shadow Brokers data dump tipped researchers off to a mysterious APT dubbed DarkUniverse

Written by Nov 5, 2019 | CYBERSCOOP

Clues about a hacking group that carried out attacks against targets in countries including Syria, Iran and Russia were included in files leaked by a mysterious group known as the Shadow Brokers, according to new findings.


Researchers from the security vendor Kaspersky published a report Tuesday detailing an advanced persistent threat (APT) group the company has dubbed DarkUniverse. Files published in 2017 by the Shadow Brokers, an elusive group that publicly disseminated NSA hacking tools, included a script (sigs.py) that checked a compromised system for traces of other hacking groups. DarkUniverse was among the groups the script could detect, which is what led the researchers to look for its malware.


The DarkUniverse group hit victims in Afghanistan, Tanzania, Ethiopia, Belarus and the United Arab Emirates, along with more common targets like Russia, Iran and Syria. All told, Kaspersky identified “around” 20 victims, ranging from military agencies to private sector organizations such as telecommunications firms and medical institutions.


“We believe the number of victims during the main period of activity between 2009 and 2017 was much greater,” the researchers wrote.


Kaspersky did not speculate on what, if any, nation-state benefited from the DarkUniverse group’s cyber-espionage activity. The company did say it found that some of the code used by the group overlapped with the ItaDuke APT, which Kaspersky caught targeting China’s Uighur and Tibetan populations with malicious PDF files in 2013.

