Purple Lambert, a new malware of CIA-linked Lambert APT group


Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of the US Central Intelligence Agency (CIA).


Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency.

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of which could not be associated with the activity of known APT groups.


These malware strains did not present any similarities with malware associated with other APT groups.


A deeper analysis of some of these samples revealed that they were compiled in 2014 and used in the wild between 2014 and 2015. Although the researchers have not found any shared code with any other known malware family, the samples shared coding patterns, style, and techniques with the code belonging to the Lambert families.


“Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families. We therefore named this malware Purple Lambert.” states the APT trends report Q1 2021 published by Kaspersky. “Purple Lambert is composed of several modules, with its network module passively listening for a magic packet. It is capable of providing an attacker with basic information about the infected system and executing a received payload.”


The Lambert APT (aka Longhorn APT) has been active since at least 2008, but its first samples were spotted in 2014. The group is highly sophisticated and targeted or ..
